misp-circl-feed/feeds/circl/stix-2.1/5bec8d43-b990-4129-a9f4-45d08064ab0b.json


{
"type": "bundle",
"id": "bundle--5bec8d43-b990-4129-a9f4-45d08064ab0b",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2021-05-24T09:59:33.000Z",
"modified": "2021-05-24T09:59:33.000Z",
"name": "citizenlab",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5bec8d43-b990-4129-a9f4-45d08064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2021-05-24T09:59:33.000Z",
"modified": "2021-05-24T09:59:33.000Z",
"name": "MISSING LINK: Tibetan Groups Targeted with Mobile Exploits",
"published": "2021-05-26T12:21:53Z",
"object_refs": [
"indicator--5d76dfaf-574c-4253-b1f1-67578064ab0b",
"x-misp-attribute--5d76c9b2-8b24-4fb2-8ff3-61dc8064ab0b",
"x-misp-attribute--5d76c9b2-5654-4b42-a28f-61dc8064ab0b",
"indicator--5d76c70f-df94-4cd0-b977-4cea8064ab0b",
"indicator--5d76c98c-95a0-4186-9d08-61de8064ab0b",
"indicator--5d76c98c-be94-4716-9cc3-61de8064ab0b",
"indicator--5d76c98c-0998-4c3d-94fa-61de8064ab0b",
"indicator--5d76c98c-77cc-4a32-b989-61de8064ab0b",
"indicator--5d76c98c-a620-4e86-969b-61de8064ab0b",
"indicator--5d76c98c-8960-4e6c-be1c-61de8064ab0b",
"indicator--5d76c98c-52b4-4bb9-b61b-61de8064ab0b",
"indicator--5d76c98c-1b78-4933-98f8-61de8064ab0b",
"indicator--5d76c98c-3358-4897-a52b-61de8064ab0b",
"indicator--5d76c98c-6be4-4b4a-9a37-61de8064ab0b",
"indicator--5d76c98c-0cb4-4be5-b3d6-61de8064ab0b",
"indicator--5d76c98c-f230-436d-a69f-61de8064ab0b",
"indicator--5bec8d6d-71e0-40b6-add8-171c8064ab0b",
"indicator--5bec8d6d-6cc8-4aef-b8c9-171c8064ab0b",
"indicator--5d76c7a0-2dac-4e65-a0ca-67208064ab0b",
"indicator--5d76c7a0-3c28-4110-aa88-67208064ab0b",
"indicator--5d76cc33-7aac-4eb8-a1be-66c48064ab0b",
"indicator--5d76cf56-94f8-4a16-84d5-67af8064ab0b",
"indicator--5d76d19b-0704-42fa-95c5-61df8064ab0b",
"indicator--5d76d6f2-f44c-4b21-ba2d-67578064ab0b",
"indicator--5d76dae6-bdc4-4cca-8161-61de8064ab0b",
"indicator--5d76dcf6-f094-47a0-8fd4-4cea8064ab0b",
"indicator--5d76de15-2544-4f39-baed-61db8064ab0b",
"indicator--5bec8d7b-b658-4050-8b3c-45cc8064ab0b",
"indicator--5bed8343-d968-4c72-a106-2b328064ab0b",
"indicator--5bed84bf-8710-4cba-b9eb-05688064ab0b",
"observed-data--5d76c6d3-b878-442a-b476-61de8064ab0b",
"url--5d76c6d3-b878-442a-b476-61de8064ab0b",
"observed-data--5d76c6d3-b644-45e2-a9d7-61de8064ab0b",
"url--5d76c6d3-b644-45e2-a9d7-61de8064ab0b",
"observed-data--5d76c6d3-14c4-4b77-85be-61de8064ab0b",
"url--5d76c6d3-14c4-4b77-85be-61de8064ab0b",
"observed-data--5d76c6d3-f8f0-4399-a2ae-61de8064ab0b",
"url--5d76c6d3-f8f0-4399-a2ae-61de8064ab0b",
"observed-data--5d76c6d3-a174-4130-a62c-61de8064ab0b",
"url--5d76c6d3-a174-4130-a62c-61de8064ab0b",
"observed-data--5d76c6d3-ce00-497f-9284-61de8064ab0b",
"url--5d76c6d3-ce00-497f-9284-61de8064ab0b",
"observed-data--5d76c6d3-1708-4847-8b18-61de8064ab0b",
"url--5d76c6d3-1708-4847-8b18-61de8064ab0b",
"observed-data--5d76c6d3-bb64-4b8d-b773-61de8064ab0b",
"url--5d76c6d3-bb64-4b8d-b773-61de8064ab0b",
"observed-data--5d76c6d3-d218-49a3-96f3-61de8064ab0b",
"url--5d76c6d3-d218-49a3-96f3-61de8064ab0b",
"observed-data--5d76c6d3-0658-494c-afb4-61de8064ab0b",
"url--5d76c6d3-0658-494c-afb4-61de8064ab0b",
"observed-data--5d76c6d3-8624-44df-8338-61de8064ab0b",
"url--5d76c6d3-8624-44df-8338-61de8064ab0b",
"observed-data--5d76c6d3-1170-4f0e-ade3-61de8064ab0b",
"url--5d76c6d3-1170-4f0e-ade3-61de8064ab0b",
"observed-data--5d76c6d3-578c-4a96-88fe-61de8064ab0b",
"url--5d76c6d3-578c-4a96-88fe-61de8064ab0b",
"observed-data--5d76c6d3-7058-403d-a9b1-61de8064ab0b",
"url--5d76c6d3-7058-403d-a9b1-61de8064ab0b",
"observed-data--5d76c6d3-5824-4b00-8dda-61de8064ab0b",
"url--5d76c6d3-5824-4b00-8dda-61de8064ab0b",
"observed-data--5d76c6d3-b8ec-438c-8161-61de8064ab0b",
"url--5d76c6d3-b8ec-438c-8161-61de8064ab0b",
"observed-data--5d76c6d3-a530-4671-8fab-61de8064ab0b",
"url--5d76c6d3-a530-4671-8fab-61de8064ab0b",
"observed-data--5d76c6d3-bd08-4528-9fab-61de8064ab0b",
"url--5d76c6d3-bd08-4528-9fab-61de8064ab0b",
"observed-data--5d76c6d3-936c-411b-a0c9-61de8064ab0b",
"url--5d76c6d3-936c-411b-a0c9-61de8064ab0b",
"observed-data--5d76c6d3-2f9c-40b2-8cd5-61de8064ab0b",
"url--5d76c6d3-2f9c-40b2-8cd5-61de8064ab0b",
"observed-data--5d76c6d3-2150-4f97-80c4-61de8064ab0b",
"url--5d76c6d3-2150-4f97-80c4-61de8064ab0b",
"observed-data--5d76c6d3-0d28-4b27-9ac6-61de8064ab0b",
"url--5d76c6d3-0d28-4b27-9ac6-61de8064ab0b",
"observed-data--5d76c6d3-8604-4125-b369-61de8064ab0b",
"url--5d76c6d3-8604-4125-b369-61de8064ab0b",
"observed-data--5d76c6d4-7398-45b0-b5e9-61de8064ab0b",
"url--5d76c6d4-7398-45b0-b5e9-61de8064ab0b",
"observed-data--5d76c6d4-0854-4d51-8fb7-61de8064ab0b",
"url--5d76c6d4-0854-4d51-8fb7-61de8064ab0b",
"observed-data--5d76c6d4-2fb8-46f2-a589-61de8064ab0b",
"url--5d76c6d4-2fb8-46f2-a589-61de8064ab0b",
"observed-data--5d76c6d4-12f0-4f58-9a9b-61de8064ab0b",
"url--5d76c6d4-12f0-4f58-9a9b-61de8064ab0b",
"observed-data--5d76c6d4-c2a8-4ee3-bf3d-61de8064ab0b",
"url--5d76c6d4-c2a8-4ee3-bf3d-61de8064ab0b",
"observed-data--5d76c6d4-52b4-413f-bf04-61de8064ab0b",
"url--5d76c6d4-52b4-413f-bf04-61de8064ab0b",
"observed-data--5d76c6d4-dde0-484e-ac13-61de8064ab0b",
"url--5d76c6d4-dde0-484e-ac13-61de8064ab0b",
"observed-data--5d76c6d4-3b64-4591-b0df-61de8064ab0b",
"url--5d76c6d4-3b64-4591-b0df-61de8064ab0b",
"observed-data--5d76c730-b4c0-4746-af7e-61db8064ab0b",
"url--5d76c730-b4c0-4746-af7e-61db8064ab0b",
"indicator--5d892cd4-fba0-4c21-90d9-0b328064ab0b",
"observed-data--5d76e2eb-abe8-44bb-8dbf-67578064ab0b",
"email-message--5d76e2eb-abe8-44bb-8dbf-67578064ab0b",
"email-addr--5d76e2eb-abe8-44bb-8dbf-67578064ab0b",
"observed-data--5d76e2eb-df2c-4913-b458-67578064ab0b",
"email-message--5d76e2eb-df2c-4913-b458-67578064ab0b",
"email-addr--5d76e2eb-df2c-4913-b458-67578064ab0b",
"observed-data--5d76e2eb-e004-41d8-bc9d-67578064ab0b",
"email-message--5d76e2eb-e004-41d8-bc9d-67578064ab0b",
"email-addr--5d76e2eb-e004-41d8-bc9d-67578064ab0b",
"observed-data--5d76e2eb-37c8-4b75-b5d7-67578064ab0b",
"email-message--5d76e2eb-37c8-4b75-b5d7-67578064ab0b",
"email-addr--5d76e2eb-37c8-4b75-b5d7-67578064ab0b",
"observed-data--5d8545bf-ec98-4d0c-a8a3-55038064ab0b",
"file--5d8545bf-ec98-4d0c-a8a3-55038064ab0b",
"observed-data--5d8545d4-ee30-435b-827e-55078064ab0b",
"file--5d8545d4-ee30-435b-827e-55078064ab0b",
"observed-data--5d8545e3-c264-43d8-9666-55068064ab0b",
"file--5d8545e3-c264-43d8-9666-55068064ab0b",
"observed-data--5d854603-8bf4-44fe-96ae-47ce8064ab0b",
"file--5d854603-8bf4-44fe-96ae-47ce8064ab0b",
"indicator--bf16e26f-a501-48ec-850c-b1e55711bbcb",
"x-misp-object--7b247766-cfe9-4dbf-9d65-7511b9033460",
"indicator--07e42fa1-5891-414c-9d6a-7628f55a1d1f",
"x-misp-object--e29771d7-c7aa-41b6-8c87-6ebb84ed0786",
"indicator--6ff6b2b5-97ef-4ef1-b90f-242ed5049581",
"x-misp-object--53bad3c7-cc5b-4539-892d-470596a8998f",
"indicator--de8d9fd8-b456-4b2d-b62e-118637749f2b",
"x-misp-object--2317431c-4652-4dfc-b063-499e9e627c8f",
"indicator--d6592ce4-117e-4cd7-9969-abe216690882",
"x-misp-object--5b8d4815-cde6-498e-9914-3b4a785000f9",
"relationship--4b094c2c-4ed0-46d7-beb1-9a016e52569c",
"relationship--77247f09-63a9-477e-85ff-d934ecb7391f",
"relationship--e37d9cd6-a465-4d74-b5de-c2bf6f56c811",
"relationship--03f9fb7d-5c10-4222-9d39-6df72badc6ac",
"relationship--f27a7080-8a63-4bb1-85eb-d373b84463db"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d76dfaf-574c-4253-b1f1-67578064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T23:33:51.000Z",
"modified": "2019-09-09T23:33:51.000Z",
"description": "iOS payload",
"pattern": "[file:hashes.SHA256 = '0d2ee9ade24163613772fdda201af985d852ab506e3d3e7f07fb3fa8b0853560']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-09T23:33:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5d76c9b2-8b24-4fb2-8ff3-61dc8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:52:50.000Z",
"modified": "2019-09-09T21:52:50.000Z",
"labels": [
"misp:type=\"whois-registrant-email\"",
"misp:category=\"Attribution\""
],
"x_misp_category": "Attribution",
"x_misp_type": "whois-registrant-email",
"x_misp_value": "dashenqu832@outlook.com"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5d76c9b2-5654-4b42-a28f-61dc8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:52:50.000Z",
"modified": "2019-09-09T21:52:50.000Z",
"labels": [
"misp:type=\"whois-registrant-email\"",
"misp:category=\"Attribution\""
],
"x_misp_category": "Attribution",
"x_misp_type": "whois-registrant-email",
"x_misp_value": "ornaments798@outlook.com"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d76c70f-df94-4cd0-b977-4cea8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T23:33:59.000Z",
"modified": "2019-09-09T23:33:59.000Z",
"pattern": "[domain-name:value = 'www.energy-mail.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-09T23:33:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d76c98c-95a0-4186-9d08-61de8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:52:12.000Z",
"modified": "2019-09-09T21:52:12.000Z",
"pattern": "[domain-name:value = 'antmoving.online']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-09T21:52:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d76c98c-be94-4716-9cc3-61de8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:52:12.000Z",
"modified": "2019-09-09T21:52:12.000Z",
"pattern": "[domain-name:value = 'beemail.online']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-09T21:52:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d76c98c-0998-4c3d-94fa-61de8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:52:12.000Z",
"modified": "2019-09-09T21:52:12.000Z",
"pattern": "[domain-name:value = 'bf.mk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-09T21:52:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d76c98c-77cc-4a32-b989-61de8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:52:12.000Z",
"modified": "2019-09-09T21:52:12.000Z",
"pattern": "[domain-name:value = 'energy-mail.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-09T21:52:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d76c98c-a620-4e86-969b-61de8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:52:12.000Z",
"modified": "2019-09-09T21:52:12.000Z",
"pattern": "[domain-name:value = 'gmailapp.me']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-09T21:52:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d76c98c-8960-4e6c-be1c-61de8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:52:12.000Z",
"modified": "2019-09-09T21:52:12.000Z",
"pattern": "[domain-name:value = 'izelense.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-09T21:52:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d76c98c-52b4-4bb9-b61b-61de8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:52:12.000Z",
"modified": "2019-09-09T21:52:12.000Z",
"pattern": "[domain-name:value = 'mailanalysis.services']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-09T21:52:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d76c98c-1b78-4933-98f8-61de8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:52:12.000Z",
"modified": "2019-09-09T21:52:12.000Z",
"pattern": "[domain-name:value = 'mailcontactanalysis.online']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-09T21:52:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d76c98c-3358-4897-a52b-61de8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:52:12.000Z",
"modified": "2019-09-09T21:52:12.000Z",
"pattern": "[domain-name:value = 'mailnotes.online']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-09T21:52:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d76c98c-6be4-4b4a-9a37-61de8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:52:12.000Z",
"modified": "2019-09-09T21:52:12.000Z",
"pattern": "[domain-name:value = 'polarismail.services']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-09T21:52:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d76c98c-0cb4-4be5-b3d6-61de8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:52:12.000Z",
"modified": "2019-09-09T21:52:12.000Z",
"pattern": "[domain-name:value = 'rf.mk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-09T21:52:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d76c98c-f230-436d-a69f-61de8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:52:12.000Z",
"modified": "2019-09-09T21:52:12.000Z",
"pattern": "[domain-name:value = 'walkingnote.online']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-09T21:52:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bec8d6d-71e0-40b6-add8-171c8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2018-11-14T21:02:55.000Z",
"modified": "2018-11-14T21:02:55.000Z",
"pattern": "[domain-name:value = 'www.msap.services']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-14T21:02:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bec8d6d-6cc8-4aef-b8c9-171c8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2018-11-14T21:02:58.000Z",
"modified": "2018-11-14T21:02:58.000Z",
"pattern": "[domain-name:value = 'msap.services']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-14T21:02:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d76c7a0-2dac-4e65-a0ca-67208064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:44:00.000Z",
"modified": "2019-09-09T21:44:00.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.32.75.217']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-09T21:44:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d76c7a0-3c28-4110-aa88-67208064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-20T21:39:17.000Z",
"modified": "2019-09-20T21:39:17.000Z",
"description": "Android exploit server",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.76.149.154']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-20T21:39:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d76cc33-7aac-4eb8-a1be-66c48064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T23:34:08.000Z",
"modified": "2019-09-09T23:34:08.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.78.79.100']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-09T23:34:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d76cf56-94f8-4a16-84d5-67af8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T22:16:54.000Z",
"modified": "2019-09-09T22:16:54.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '149.28.93.11']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-09T22:16:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d76d19b-0704-42fa-95c5-61df8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T23:34:47.000Z",
"modified": "2019-09-09T23:34:47.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.169.2.57']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-09T23:34:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d76d6f2-f44c-4b21-ba2d-67578064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T22:49:22.000Z",
"modified": "2019-09-09T22:49:22.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '206.189.65.198']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-09T22:49:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d76dae6-bdc4-4cca-8161-61de8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T23:06:14.000Z",
"modified": "2019-09-09T23:06:14.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '140.82.17.222']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-09T23:06:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d76dcf6-f094-47a0-8fd4-4cea8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T23:35:01.000Z",
"modified": "2019-09-09T23:35:01.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.76.53.26']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-09T23:35:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d76de15-2544-4f39-baed-61db8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T23:19:49.000Z",
"modified": "2019-09-09T23:19:49.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.32.91.137']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-09T23:19:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bec8d7b-b658-4050-8b3c-45cc8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-20T21:41:18.000Z",
"modified": "2019-09-20T21:41:18.000Z",
"description": "iOS exploit server",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '144.202.59.23']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-20T21:41:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bed8343-d968-4c72-a106-2b328064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-20T21:40:08.000Z",
"modified": "2019-09-20T21:40:08.000Z",
"description": "iOS C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.42.58.59']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-20T21:40:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bed84bf-8710-4cba-b9eb-05688064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2018-11-15T14:37:51.000Z",
"modified": "2018-11-15T14:37:51.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '43.251.16.87']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-11-15T14:37:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d76c6d3-b878-442a-b476-61de8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:40:35.000Z",
"modified": "2019-09-09T21:40:35.000Z",
"first_observed": "2019-09-09T21:40:35Z",
"last_observed": "2019-09-09T21:40:35Z",
"number_observed": 1,
"object_refs": [
"url--5d76c6d3-b878-442a-b476-61de8064ab0b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d76c6d3-b878-442a-b476-61de8064ab0b",
"value": "http://bit.ly/2z1WayM"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d76c6d3-b644-45e2-a9d7-61de8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:40:35.000Z",
"modified": "2019-09-09T21:40:35.000Z",
"first_observed": "2019-09-09T21:40:35Z",
"last_observed": "2019-09-09T21:40:35Z",
"number_observed": 1,
"object_refs": [
"url--5d76c6d3-b644-45e2-a9d7-61de8064ab0b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d76c6d3-b644-45e2-a9d7-61de8064ab0b",
"value": "http://www.msap.services/1R7mqD"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d76c6d3-14c4-4b77-85be-61de8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:40:35.000Z",
"modified": "2019-09-09T21:40:35.000Z",
"first_observed": "2019-09-09T21:40:35Z",
"last_observed": "2019-09-09T21:40:35Z",
"number_observed": 1,
"object_refs": [
"url--5d76c6d3-14c4-4b77-85be-61de8064ab0b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d76c6d3-14c4-4b77-85be-61de8064ab0b",
"value": "http://bit.ly/2AYy61a"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d76c6d3-f8f0-4399-a2ae-61de8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:40:35.000Z",
"modified": "2019-09-09T21:40:35.000Z",
"first_observed": "2019-09-09T21:40:35Z",
"last_observed": "2019-09-09T21:40:35Z",
"number_observed": 1,
"object_refs": [
"url--5d76c6d3-f8f0-4399-a2ae-61de8064ab0b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d76c6d3-f8f0-4399-a2ae-61de8064ab0b",
"value": "http//www.msap.services/2bKr8Z"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d76c6d3-a174-4130-a62c-61de8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:40:35.000Z",
"modified": "2019-09-09T21:40:35.000Z",
"first_observed": "2019-09-09T21:40:35Z",
"last_observed": "2019-09-09T21:40:35Z",
"number_observed": 1,
"object_refs": [
"url--5d76c6d3-a174-4130-a62c-61de8064ab0b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d76c6d3-a174-4130-a62c-61de8064ab0b",
"value": "http://www.msap.services/6FeBOy"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d76c6d3-ce00-497f-9284-61de8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:40:35.000Z",
"modified": "2019-09-09T21:40:35.000Z",
"first_observed": "2019-09-09T21:40:35Z",
"last_observed": "2019-09-09T21:40:35Z",
"number_observed": 1,
"object_refs": [
"url--5d76c6d3-ce00-497f-9284-61de8064ab0b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d76c6d3-ce00-497f-9284-61de8064ab0b",
"value": "http://suo.im/5ot25j"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d76c6d3-1708-4847-8b18-61de8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:40:35.000Z",
"modified": "2019-09-09T21:40:35.000Z",
"first_observed": "2019-09-09T21:40:35Z",
"last_observed": "2019-09-09T21:40:35Z",
"number_observed": 1,
"object_refs": [
"url--5d76c6d3-1708-4847-8b18-61de8064ab0b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d76c6d3-1708-4847-8b18-61de8064ab0b",
"value": "http://news.cmitcsubs.tk:5000/web/info?org=aHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL29wZW4/aWQ9MUlTakl2eFoxX1g5YkdJSnQtMlpKeDRDRWwzdVVhRmlv"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d76c6d3-bb64-4b8d-b773-61de8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:40:35.000Z",
"modified": "2019-09-09T21:40:35.000Z",
"first_observed": "2019-09-09T21:40:35Z",
"last_observed": "2019-09-09T21:40:35Z",
"number_observed": 1,
"object_refs": [
"url--5d76c6d3-bb64-4b8d-b773-61de8064ab0b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d76c6d3-bb64-4b8d-b773-61de8064ab0b",
"value": "http://www.msap.services/yHJbS6"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d76c6d3-d218-49a3-96f3-61de8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:40:35.000Z",
"modified": "2019-09-09T21:40:35.000Z",
"first_observed": "2019-09-09T21:40:35Z",
"last_observed": "2019-09-09T21:40:35Z",
"number_observed": 1,
"object_refs": [
"url--5d76c6d3-d218-49a3-96f3-61de8064ab0b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d76c6d3-d218-49a3-96f3-61de8064ab0b",
"value": "http://bit.ly/2qHg3Xt"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d76c6d3-0658-494c-afb4-61de8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:40:35.000Z",
"modified": "2019-09-09T21:40:35.000Z",
"first_observed": "2019-09-09T21:40:35Z",
"last_observed": "2019-09-09T21:40:35Z",
"number_observed": 1,
"object_refs": [
"url--5d76c6d3-0658-494c-afb4-61de8064ab0b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d76c6d3-0658-494c-afb4-61de8064ab0b",
"value": "http://www.msap.services/S5gDoN"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d76c6d3-8624-44df-8338-61de8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:40:35.000Z",
"modified": "2019-09-09T21:40:35.000Z",
"first_observed": "2019-09-09T21:40:35Z",
"last_observed": "2019-09-09T21:40:35Z",
"number_observed": 1,
"object_refs": [
"url--5d76c6d3-8624-44df-8338-61de8064ab0b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d76c6d3-8624-44df-8338-61de8064ab0b",
"value": "http://bit.ly/2T2CoeX"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d76c6d3-1170-4f0e-ade3-61de8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:40:35.000Z",
"modified": "2019-09-09T21:40:35.000Z",
"first_observed": "2019-09-09T21:40:35Z",
"last_observed": "2019-09-09T21:40:35Z",
"number_observed": 1,
"object_refs": [
"url--5d76c6d3-1170-4f0e-ade3-61de8064ab0b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d76c6d3-1170-4f0e-ade3-61de8064ab0b",
"value": "http://www.msap.services/EzpOhU"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d76c6d3-578c-4a96-88fe-61de8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:40:35.000Z",
"modified": "2019-09-09T21:40:35.000Z",
"first_observed": "2019-09-09T21:40:35Z",
"last_observed": "2019-09-09T21:40:35Z",
"number_observed": 1,
"object_refs": [
"url--5d76c6d3-578c-4a96-88fe-61de8064ab0b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d76c6d3-578c-4a96-88fe-61de8064ab0b",
"value": "http://bit.ly/2PSvdau"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d76c6d3-7058-403d-a9b1-61de8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:40:35.000Z",
"modified": "2019-09-09T21:40:35.000Z",
"first_observed": "2019-09-09T21:40:35Z",
"last_observed": "2019-09-09T21:40:35Z",
"number_observed": 1,
"object_refs": [
"url--5d76c6d3-7058-403d-a9b1-61de8064ab0b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d76c6d3-7058-403d-a9b1-61de8064ab0b",
"value": "http://www.msap.services/GfHuRi"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d76c6d3-5824-4b00-8dda-61de8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:40:35.000Z",
"modified": "2019-09-09T21:40:35.000Z",
"first_observed": "2019-09-09T21:40:35Z",
"last_observed": "2019-09-09T21:40:35Z",
"number_observed": 1,
"object_refs": [
"url--5d76c6d3-5824-4b00-8dda-61de8064ab0b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d76c6d3-5824-4b00-8dda-61de8064ab0b",
"value": "http://suo.im/5okeFb"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d76c6d3-b8ec-438c-8161-61de8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:40:35.000Z",
"modified": "2019-09-09T21:40:35.000Z",
"first_observed": "2019-09-09T21:40:35Z",
"last_observed": "2019-09-09T21:40:35Z",
"number_observed": 1,
"object_refs": [
"url--5d76c6d3-b8ec-438c-8161-61de8064ab0b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d76c6d3-b8ec-438c-8161-61de8064ab0b",
"value": "http://news.cmitcsubs.tk:5000/web/info?org=aHR0cHM6Ly93d3cubnl0aW1lcy5jb20vMjAxOC8xMS8wMi9vYml0dWFyaWVzL2xvZGktZ3lhcmktZGVhZC5odG1s"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d76c6d3-a530-4671-8fab-61de8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:40:35.000Z",
"modified": "2019-09-09T21:40:35.000Z",
"first_observed": "2019-09-09T21:40:35Z",
"last_observed": "2019-09-09T21:40:35Z",
"number_observed": 1,
"object_refs": [
"url--5d76c6d3-a530-4671-8fab-61de8064ab0b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d76c6d3-a530-4671-8fab-61de8064ab0b",
"value": "http://bit.ly/2SVPqdY"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d76c6d3-bd08-4528-9fab-61de8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:40:35.000Z",
"modified": "2019-09-09T21:40:35.000Z",
"first_observed": "2019-09-09T21:40:35Z",
"last_observed": "2019-09-09T21:40:35Z",
"number_observed": 1,
"object_refs": [
"url--5d76c6d3-bd08-4528-9fab-61de8064ab0b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d76c6d3-bd08-4528-9fab-61de8064ab0b",
"value": "http://www.msap.services/F8XGNe"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d76c6d3-936c-411b-a0c9-61de8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:40:35.000Z",
"modified": "2019-09-09T21:40:35.000Z",
"first_observed": "2019-09-09T21:40:35Z",
"last_observed": "2019-09-09T21:40:35Z",
"number_observed": 1,
"object_refs": [
"url--5d76c6d3-936c-411b-a0c9-61de8064ab0b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d76c6d3-936c-411b-a0c9-61de8064ab0b",
"value": "http://bit.ly/2QroNMt"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d76c6d3-2f9c-40b2-8cd5-61de8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:40:35.000Z",
"modified": "2019-09-09T21:40:35.000Z",
"first_observed": "2019-09-09T21:40:35Z",
"last_observed": "2019-09-09T21:40:35Z",
"number_observed": 1,
"object_refs": [
"url--5d76c6d3-2f9c-40b2-8cd5-61de8064ab0b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d76c6d3-2f9c-40b2-8cd5-61de8064ab0b",
"value": "http://www.msap.services/70FtQX"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d76c6d3-2150-4f97-80c4-61de8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:40:35.000Z",
"modified": "2019-09-09T21:40:35.000Z",
"first_observed": "2019-09-09T21:40:35Z",
"last_observed": "2019-09-09T21:40:35Z",
"number_observed": 1,
"object_refs": [
"url--5d76c6d3-2150-4f97-80c4-61de8064ab0b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d76c6d3-2150-4f97-80c4-61de8064ab0b",
"value": "http://msap.services/yHJbS6"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d76c6d3-0d28-4b27-9ac6-61de8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:40:35.000Z",
"modified": "2019-09-09T21:40:35.000Z",
"first_observed": "2019-09-09T21:40:35Z",
"last_observed": "2019-09-09T21:40:35Z",
"number_observed": 1,
"object_refs": [
"url--5d76c6d3-0d28-4b27-9ac6-61de8064ab0b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d76c6d3-0d28-4b27-9ac6-61de8064ab0b",
"value": "http://bit.ly/2B4GwEf"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d76c6d3-8604-4125-b369-61de8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:40:35.000Z",
"modified": "2019-09-09T21:40:35.000Z",
"first_observed": "2019-09-09T21:40:35Z",
"last_observed": "2019-09-09T21:40:35Z",
"number_observed": 1,
"object_refs": [
"url--5d76c6d3-8604-4125-b369-61de8064ab0b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d76c6d3-8604-4125-b369-61de8064ab0b",
"value": "http://www.msap.services/XgL5A9"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d76c6d4-7398-45b0-b5e9-61de8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:40:35.000Z",
"modified": "2019-09-09T21:40:35.000Z",
"first_observed": "2019-09-09T21:40:35Z",
"last_observed": "2019-09-09T21:40:35Z",
"number_observed": 1,
"object_refs": [
"url--5d76c6d4-7398-45b0-b5e9-61de8064ab0b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d76c6d4-7398-45b0-b5e9-61de8064ab0b",
"value": "http://bit.ly/2T6pCMf"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d76c6d4-0854-4d51-8fb7-61de8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:40:36.000Z",
"modified": "2019-09-09T21:40:36.000Z",
"first_observed": "2019-09-09T21:40:36Z",
"last_observed": "2019-09-09T21:40:36Z",
"number_observed": 1,
"object_refs": [
"url--5d76c6d4-0854-4d51-8fb7-61de8064ab0b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d76c6d4-0854-4d51-8fb7-61de8064ab0b",
"value": "http://www.msap.services/ZpzstM"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d76c6d4-2fb8-46f2-a589-61de8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:40:36.000Z",
"modified": "2019-09-09T21:40:36.000Z",
"first_observed": "2019-09-09T21:40:36Z",
"last_observed": "2019-09-09T21:40:36Z",
"number_observed": 1,
"object_refs": [
"url--5d76c6d4-2fb8-46f2-a589-61de8064ab0b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d76c6d4-2fb8-46f2-a589-61de8064ab0b",
"value": "http://bit.ly/2Drl90q"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d76c6d4-12f0-4f58-9a9b-61de8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:40:36.000Z",
"modified": "2019-09-09T21:40:36.000Z",
"first_observed": "2019-09-09T21:40:36Z",
"last_observed": "2019-09-09T21:40:36Z",
"number_observed": 1,
"object_refs": [
"url--5d76c6d4-12f0-4f58-9a9b-61de8064ab0b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d76c6d4-12f0-4f58-9a9b-61de8064ab0b",
"value": "http://www.msap.services/ZQfqzs"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d76c6d4-c2a8-4ee3-bf3d-61de8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:40:36.000Z",
"modified": "2019-09-09T21:40:36.000Z",
"first_observed": "2019-09-09T21:40:36Z",
"last_observed": "2019-09-09T21:40:36Z",
"number_observed": 1,
"object_refs": [
"url--5d76c6d4-c2a8-4ee3-bf3d-61de8064ab0b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d76c6d4-c2a8-4ee3-bf3d-61de8064ab0b",
"value": "https://bit.ly/2MgSRwL"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d76c6d4-52b4-413f-bf04-61de8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:40:36.000Z",
"modified": "2019-09-09T21:40:36.000Z",
"first_observed": "2019-09-09T21:40:36Z",
"last_observed": "2019-09-09T21:40:36Z",
"number_observed": 1,
"object_refs": [
"url--5d76c6d4-52b4-413f-bf04-61de8064ab0b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d76c6d4-52b4-413f-bf04-61de8064ab0b",
"value": "https://www.energy-mail.org/B20V54"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d76c6d4-dde0-484e-ac13-61de8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:40:36.000Z",
"modified": "2019-09-09T21:40:36.000Z",
"first_observed": "2019-09-09T21:40:36Z",
"last_observed": "2019-09-09T21:40:36Z",
"number_observed": 1,
"object_refs": [
"url--5d76c6d4-dde0-484e-ac13-61de8064ab0b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d76c6d4-dde0-484e-ac13-61de8064ab0b",
"value": "https://bit.ly/2XePmYt"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d76c6d4-3b64-4591-b0df-61de8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:40:36.000Z",
"modified": "2019-09-09T21:40:36.000Z",
"first_observed": "2019-09-09T21:40:36Z",
"last_observed": "2019-09-09T21:40:36Z",
"number_observed": 1,
"object_refs": [
"url--5d76c6d4-3b64-4591-b0df-61de8064ab0b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d76c6d4-3b64-4591-b0df-61de8064ab0b",
"value": "http://45.76.149.154:5000/web/info?org=aHR0cDovL3d3dy5waGF5dWwuY29tL25ld3MvYXJ0aWNsZS5hc3B4P2lkPTQxNDc0JmZiY2xpZD1Jd0FSM1RadGdjanppUkhNZFJuOEdhZ1RMUV9iMHFrX0VBZWY2YldxRU5SanhaZkkzRFdPNFpsRExPcFdz"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d76c730-b4c0-4746-af7e-61db8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T21:42:08.000Z",
"modified": "2019-09-09T21:42:08.000Z",
"first_observed": "2019-09-09T21:42:08Z",
"last_observed": "2019-09-09T21:42:08Z",
"number_observed": 1,
"object_refs": [
"url--5d76c730-b4c0-4746-af7e-61db8064ab0b"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d76c730-b4c0-4746-af7e-61db8064ab0b",
"value": "http://43.251.16.87:5000//dev/loader"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d892cd4-fba0-4c21-90d9-0b328064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-23T20:36:36.000Z",
"modified": "2019-09-23T20:36:36.000Z",
"description": "Scotch user agent",
"pattern": "[network-traffic:extensions.'http-request-ext'.request_header.'User-Agent' = 'hots scot']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-23T20:36:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"user-agent\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d76e2eb-abe8-44bb-8dbf-67578064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T23:40:27.000Z",
"modified": "2019-09-09T23:40:27.000Z",
"first_observed": "2019-09-09T23:40:27Z",
"last_observed": "2019-09-09T23:40:27Z",
"number_observed": 1,
"object_refs": [
"email-message--5d76e2eb-abe8-44bb-8dbf-67578064ab0b",
"email-addr--5d76e2eb-abe8-44bb-8dbf-67578064ab0b"
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "email-message",
"spec_version": "2.1",
"id": "email-message--5d76e2eb-abe8-44bb-8dbf-67578064ab0b",
"is_multipart": false,
"from_ref": "email-addr--5d76e2eb-abe8-44bb-8dbf-67578064ab0b"
},
{
"type": "email-addr",
"spec_version": "2.1",
"id": "email-addr--5d76e2eb-abe8-44bb-8dbf-67578064ab0b",
"value": "antmoving.online@gmail.com"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d76e2eb-df2c-4913-b458-67578064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T23:40:27.000Z",
"modified": "2019-09-09T23:40:27.000Z",
"first_observed": "2019-09-09T23:40:27Z",
"last_observed": "2019-09-09T23:40:27Z",
"number_observed": 1,
"object_refs": [
"email-message--5d76e2eb-df2c-4913-b458-67578064ab0b",
"email-addr--5d76e2eb-df2c-4913-b458-67578064ab0b"
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "email-message",
"spec_version": "2.1",
"id": "email-message--5d76e2eb-df2c-4913-b458-67578064ab0b",
"is_multipart": false,
"from_ref": "email-addr--5d76e2eb-df2c-4913-b458-67578064ab0b"
},
{
"type": "email-addr",
"spec_version": "2.1",
"id": "email-addr--5d76e2eb-df2c-4913-b458-67578064ab0b",
"value": "energymail.org@gmail.com"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d76e2eb-e004-41d8-bc9d-67578064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T23:40:27.000Z",
"modified": "2019-09-09T23:40:27.000Z",
"first_observed": "2019-09-09T23:40:27Z",
"last_observed": "2019-09-09T23:40:27Z",
"number_observed": 1,
"object_refs": [
"email-message--5d76e2eb-e004-41d8-bc9d-67578064ab0b",
"email-addr--5d76e2eb-e004-41d8-bc9d-67578064ab0b"
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "email-message",
"spec_version": "2.1",
"id": "email-message--5d76e2eb-e004-41d8-bc9d-67578064ab0b",
"is_multipart": false,
"from_ref": "email-addr--5d76e2eb-e004-41d8-bc9d-67578064ab0b"
},
{
"type": "email-addr",
"spec_version": "2.1",
"id": "email-addr--5d76e2eb-e004-41d8-bc9d-67578064ab0b",
"value": "jameslewis199106@gmail.com"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d76e2eb-37c8-4b75-b5d7-67578064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-09T23:40:27.000Z",
"modified": "2019-09-09T23:40:27.000Z",
"first_observed": "2019-09-09T23:40:27Z",
"last_observed": "2019-09-09T23:40:27Z",
"number_observed": 1,
"object_refs": [
"email-message--5d76e2eb-37c8-4b75-b5d7-67578064ab0b",
"email-addr--5d76e2eb-37c8-4b75-b5d7-67578064ab0b"
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "email-message",
"spec_version": "2.1",
"id": "email-message--5d76e2eb-37c8-4b75-b5d7-67578064ab0b",
"is_multipart": false,
"from_ref": "email-addr--5d76e2eb-37c8-4b75-b5d7-67578064ab0b"
},
{
"type": "email-addr",
"spec_version": "2.1",
"id": "email-addr--5d76e2eb-37c8-4b75-b5d7-67578064ab0b",
"value": "touchxun658@gmail.com"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d8545bf-ec98-4d0c-a8a3-55038064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-20T21:33:51.000Z",
"modified": "2019-09-20T21:33:51.000Z",
"first_observed": "2019-09-20T21:33:51Z",
"last_observed": "2019-09-20T21:33:51Z",
"number_observed": 1,
"object_refs": [
"file--5d8545bf-ec98-4d0c-a8a3-55038064ab0b"
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5d8545bf-ec98-4d0c-a8a3-55038064ab0b",
"hashes": {
"SHA-256": "6977e6098815cd91016be9d76f194ed4622640d03c6cdd66b1032306a2190af7"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d8545d4-ee30-435b-827e-55078064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-20T21:34:12.000Z",
"modified": "2019-09-20T21:34:12.000Z",
"first_observed": "2019-09-20T21:34:12Z",
"last_observed": "2019-09-20T21:34:12Z",
"number_observed": 1,
"object_refs": [
"file--5d8545d4-ee30-435b-827e-55078064ab0b"
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5d8545d4-ee30-435b-827e-55078064ab0b",
"hashes": {
"SHA-256": "e510c361c8101384277dd95cc2c8e76715dd241f58553f592245b620422beaf3"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d8545e3-c264-43d8-9666-55068064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-20T21:34:27.000Z",
"modified": "2019-09-20T21:34:27.000Z",
"first_observed": "2019-09-20T21:34:27Z",
"last_observed": "2019-09-20T21:34:27Z",
"number_observed": 1,
"object_refs": [
"file--5d8545e3-c264-43d8-9666-55068064ab0b"
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5d8545e3-c264-43d8-9666-55068064ab0b",
"hashes": {
"SHA-256": "0d13e403303b52edae6beb76a6fe7ed454f340aae1246b9a3f55ca728da2d6aa"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d854603-8bf4-44fe-96ae-47ce8064ab0b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-20T21:34:59.000Z",
"modified": "2019-09-20T21:34:59.000Z",
"first_observed": "2019-09-20T21:34:59Z",
"last_observed": "2019-09-20T21:34:59Z",
"number_observed": 1,
"object_refs": [
"file--5d854603-8bf4-44fe-96ae-47ce8064ab0b"
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5d854603-8bf4-44fe-96ae-47ce8064ab0b",
"hashes": {
"SHA-256": "b85fe634f3c5b1022a1adbc21f3b85b58451ca2b89e9380fc5f22b9340a18b88"
}
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--bf16e26f-a501-48ec-850c-b1e55711bbcb",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-25T10:32:27.000Z",
"modified": "2019-09-25T10:32:27.000Z",
"pattern": "[file:hashes.MD5 = 'fb7bab3571e557ee7f88309dc472f748' AND file:hashes.SHA1 = '68533858c90515369a1d2f36d72cb3537de58437' AND file:hashes.SHA256 = 'b85fe634f3c5b1022a1adbc21f3b85b58451ca2b89e9380fc5f22b9340a18b88']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-25T10:32:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--7b247766-cfe9-4dbf-9d65-7511b9033460",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-25T10:32:27.000Z",
"modified": "2019-09-25T10:32:27.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-09-24T22:38:19",
"category": "Other",
"comment": "Loader",
"uuid": "4462e200-9d40-4c54-9e90-5d20c74e6bfd"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/b85fe634f3c5b1022a1adbc21f3b85b58451ca2b89e9380fc5f22b9340a18b88/analysis/1569364699/",
"category": "Payload delivery",
"comment": "Loader",
"uuid": "8d1378f4-ea14-4387-8d7a-d85ca5b071de"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "1/57",
"category": "Payload delivery",
"comment": "Loader",
"uuid": "8b05523a-b753-4eba-81e0-b89f5a6ab696"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--07e42fa1-5891-414c-9d6a-7628f55a1d1f",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-25T10:32:28.000Z",
"modified": "2019-09-25T10:32:28.000Z",
"pattern": "[file:hashes.MD5 = '111ba6564931fccb7f4d0e940b492520' AND file:hashes.SHA1 = '33ea7c4ad4f6d0b59b7b4de906735483e6e8cff7' AND file:hashes.SHA256 = 'e510c361c8101384277dd95cc2c8e76715dd241f58553f592245b620422beaf3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-25T10:32:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--e29771d7-c7aa-41b6-8c87-6ebb84ed0786",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-25T10:32:28.000Z",
"modified": "2019-09-25T10:32:28.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-09-25T04:23:12",
"category": "Other",
"comment": "Whisky",
"uuid": "d5e4a39f-9daa-4aa4-aba5-8c71ae50e624"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/e510c361c8101384277dd95cc2c8e76715dd241f58553f592245b620422beaf3/analysis/1569385392/",
"category": "Payload delivery",
"comment": "Whisky",
"uuid": "271b9e9f-9c1b-4d87-a122-3ecacf84a57b"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "2/56",
"category": "Payload delivery",
"comment": "Whisky",
"uuid": "c4751a17-01e5-4b62-8e6c-576d2aab11cf"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--6ff6b2b5-97ef-4ef1-b90f-242ed5049581",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-25T10:32:28.000Z",
"modified": "2019-09-25T10:32:28.000Z",
"pattern": "[file:hashes.MD5 = '0d5158b33dc32cfd3c020f9dd13bde55' AND file:hashes.SHA1 = 'df4c6cd8e046d7072cd833575593069f28a02674' AND file:hashes.SHA256 = '6977e6098815cd91016be9d76f194ed4622640d03c6cdd66b1032306a2190af7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-25T10:32:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--53bad3c7-cc5b-4539-892d-470596a8998f",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-25T10:32:28.000Z",
"modified": "2019-09-25T10:32:28.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-09-25T04:23:29",
"category": "Other",
"comment": "libbourbon",
"uuid": "a9483f0b-b532-4933-8cf6-cfd2109189e6"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/6977e6098815cd91016be9d76f194ed4622640d03c6cdd66b1032306a2190af7/analysis/1569385409/",
"category": "Payload delivery",
"comment": "libbourbon",
"uuid": "7b7d7f13-40a7-4906-91fc-d315674418f3"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "2/55",
"category": "Payload delivery",
"comment": "libbourbon",
"uuid": "0bbfca68-2eb1-4495-86ec-ab68a0d267c9"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--de8d9fd8-b456-4b2d-b62e-118637749f2b",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-25T10:32:28.000Z",
"modified": "2019-09-25T10:32:28.000Z",
"pattern": "[file:hashes.MD5 = 'fb713151159601eef43226aadd7bb5a6' AND file:hashes.SHA1 = 'fedb77270570b8c401577b65595a9b32e2fa368a' AND file:hashes.SHA256 = '0d13e403303b52edae6beb76a6fe7ed454f340aae1246b9a3f55ca728da2d6aa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-25T10:32:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--2317431c-4652-4dfc-b063-499e9e627c8f",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-25T10:32:29.000Z",
"modified": "2019-09-25T10:32:29.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-09-24T22:38:17",
"category": "Other",
"comment": "Scotch",
"uuid": "9c01d4ea-e2be-4494-94a3-e63a19dd0abe"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/0d13e403303b52edae6beb76a6fe7ed454f340aae1246b9a3f55ca728da2d6aa/analysis/1569364697/",
"category": "Payload delivery",
"comment": "Scotch",
"uuid": "4350a59c-0d18-4044-9956-66634701dbc3"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "1/58",
"category": "Payload delivery",
"comment": "Scotch",
"uuid": "5634a47e-9a8c-483f-af69-13deaf6d152a"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--d6592ce4-117e-4cd7-9969-abe216690882",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-25T10:32:30.000Z",
"modified": "2019-09-25T10:32:30.000Z",
"pattern": "[file:hashes.MD5 = 'fa3aeb8ce67077e54b09e0e4c80e3814' AND file:hashes.SHA1 = '24ef2efdb2348cf9db3fb5bf79555e1ffe411c68' AND file:hashes.SHA256 = '0d2ee9ade24163613772fdda201af985d852ab506e3d3e7f07fb3fa8b0853560']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-09-25T10:32:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5b8d4815-cde6-498e-9914-3b4a785000f9",
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
"created": "2019-09-25T10:32:30.000Z",
"modified": "2019-09-25T10:32:30.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-09-25T10:00:33",
"category": "Other",
"comment": "iOS payload",
"uuid": "98623fdf-dc92-4290-bc36-de3d32dff2e4"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/0d2ee9ade24163613772fdda201af985d852ab506e3d3e7f07fb3fa8b0853560/analysis/1569405633/",
"category": "External analysis",
"comment": "iOS payload",
"uuid": "14f169f7-d2c4-4be0-bef3-adc7ff0e345d"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "18/55",
"category": "Artifacts dropped",
"comment": "iOS payload",
"uuid": "bbd53242-0d06-4119-ad7b-2884119a5c84"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--4b094c2c-4ed0-46d7-beb1-9a016e52569c",
"created": "2021-05-24T09:59:33.000Z",
"modified": "2021-05-24T09:59:33.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--bf16e26f-a501-48ec-850c-b1e55711bbcb",
"target_ref": "x-misp-object--7b247766-cfe9-4dbf-9d65-7511b9033460"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--77247f09-63a9-477e-85ff-d934ecb7391f",
"created": "2021-05-24T09:59:33.000Z",
"modified": "2021-05-24T09:59:33.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--07e42fa1-5891-414c-9d6a-7628f55a1d1f",
"target_ref": "x-misp-object--e29771d7-c7aa-41b6-8c87-6ebb84ed0786"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e37d9cd6-a465-4d74-b5de-c2bf6f56c811",
"created": "2021-05-24T09:59:33.000Z",
"modified": "2021-05-24T09:59:33.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--6ff6b2b5-97ef-4ef1-b90f-242ed5049581",
"target_ref": "x-misp-object--53bad3c7-cc5b-4539-892d-470596a8998f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--03f9fb7d-5c10-4222-9d39-6df72badc6ac",
"created": "2021-05-24T09:59:33.000Z",
"modified": "2021-05-24T09:59:33.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--de8d9fd8-b456-4b2d-b62e-118637749f2b",
"target_ref": "x-misp-object--2317431c-4652-4dfc-b063-499e9e627c8f"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f27a7080-8a63-4bb1-85eb-d373b84463db",
"created": "2021-05-24T09:59:33.000Z",
"modified": "2021-05-24T09:59:33.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--d6592ce4-117e-4cd7-9969-abe216690882",
"target_ref": "x-misp-object--5b8d4815-cde6-498e-9914-3b4a785000f9"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}