adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/5d2cae34-7564-4049-b9c4-4ae902de0b81.json

3294 lines
No EOL
140 KiB
JSON
Raw Permalink Blame History

{
"type": "bundle",
"id": "bundle--5d2cae34-7564-4049-b9c4-4ae902de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:07:56.000Z",
"modified": "2019-07-15T17:07:56.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5d2cae34-7564-4049-b9c4-4ae902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:07:56.000Z",
"modified": "2019-07-15T17:07:56.000Z",
"name": "OSINT - SWEED: Exposing years of Agent Tesla campaigns",
"published": "2019-07-15T17:08:58Z",
"object_refs": [
"observed-data--5d2cae46-6b2c-4405-84c0-aac302de0b81",
"url--5d2cae46-6b2c-4405-84c0-aac302de0b81",
"x-misp-attribute--5d2cae5f-c280-4f19-8954-40d702de0b81",
"indicator--5d2cae94-23d0-4a7e-8786-44ee02de0b81",
"indicator--5d2cae9b-a984-4d8f-bff3-4f8f02de0b81",
"indicator--5d2cae9b-f470-4a85-86f7-415a02de0b81",
"indicator--5d2cae9b-6494-4e1b-85bc-4bfd02de0b81",
"indicator--5d2cae9b-fe6c-438e-b707-427202de0b81",
"indicator--5d2cae9b-5870-4176-a210-4b6202de0b81",
"indicator--5d2cae9b-1e90-4e41-b3a1-407f02de0b81",
"indicator--5d2cae9b-70e4-4321-ad36-4e3102de0b81",
"indicator--5d2cae9c-6690-4d02-a56e-46f102de0b81",
"indicator--5d2cae9c-666c-4919-a174-4f5b02de0b81",
"indicator--5d2cae9c-2630-4021-82aa-426c02de0b81",
"indicator--5d2cae9c-f094-437b-9d54-4e9202de0b81",
"indicator--5d2cae9c-383c-4889-9c11-48bd02de0b81",
"indicator--5d2cae9c-3d7c-4b9a-80c4-476a02de0b81",
"indicator--5d2cae9c-e9ec-4029-86f3-4d6502de0b81",
"indicator--5d2cae9c-0c4c-41e8-abc2-49f902de0b81",
"indicator--5d2cae9c-e824-4946-afd5-44d602de0b81",
"indicator--5d2cae9c-e01c-4903-99ef-45f102de0b81",
"indicator--5d2cae9c-1524-4fdf-9b0f-4eea02de0b81",
"indicator--5d2cae9c-b44c-4332-9357-4b9b02de0b81",
"indicator--5d2cae9c-e814-4e45-b039-471702de0b81",
"indicator--5d2cae9c-fc78-48ff-a437-49ac02de0b81",
"indicator--5d2cae9c-6c04-483c-ad36-43cd02de0b81",
"indicator--5d2cae9c-ca7c-4bf3-8693-4c6a02de0b81",
"indicator--5d2cae9c-617c-4f4d-afbb-468002de0b81",
"indicator--5d2cae9c-b554-47fb-a7ca-4e0c02de0b81",
"indicator--5d2cae9c-616c-437e-a2ac-443002de0b81",
"indicator--5d2cae9c-dd0c-4390-a52b-40ab02de0b81",
"indicator--5d2cae9c-5934-4948-8ff3-4d4702de0b81",
"indicator--5d2cae9c-fadc-4eb9-9144-4c5c02de0b81",
"indicator--5d2cae9c-ab64-4869-a410-4d9402de0b81",
"indicator--5d2cae9c-2744-4ce8-9f5a-493902de0b81",
"indicator--5d2cae9c-5dbc-41c0-9f73-428802de0b81",
"indicator--5d2cae9c-4ed4-48cd-a0f2-4c3c02de0b81",
"indicator--5d2cae9c-ee10-46ac-a202-403702de0b81",
"indicator--5d2cae9c-a6e8-40a5-8b80-4f1902de0b81",
"indicator--5d2cae9c-73d0-4b36-88a7-4bba02de0b81",
"indicator--5d2cae9c-4b40-4b91-8181-496802de0b81",
"indicator--5d2cae9c-f5e4-49a0-80db-405802de0b81",
"indicator--5d2cae9c-40f0-4b2c-8258-422302de0b81",
"indicator--5d2cae9c-f494-42ad-83cf-4ea002de0b81",
"indicator--5d2cae9c-d1f8-4f4c-9f7a-477f02de0b81",
"indicator--5d2cae9c-1620-4928-9e19-4e4002de0b81",
"indicator--5d2cae9c-1588-4f6c-8060-436302de0b81",
"indicator--5d2cae9c-4d0c-483a-b9d8-4c2c02de0b81",
"indicator--5d2cae9c-f130-492c-92f9-464f02de0b81",
"indicator--5d2cae9c-1e40-4218-9feb-45cd02de0b81",
"indicator--5d2cae9c-3474-4e94-977c-4c0302de0b81",
"indicator--5d2cae9c-c488-45f0-8cfd-438702de0b81",
"indicator--5d2cae9c-fffc-4d13-813c-445f02de0b81",
"indicator--5d2cae9d-9a5c-46b2-a8d5-433602de0b81",
"indicator--5d2cae9d-ba14-4774-bef4-44ba02de0b81",
"indicator--5d2cae9d-b4e8-4287-ba31-414d02de0b81",
"indicator--5d2cae9d-bba0-4b0c-ad26-44b302de0b81",
"indicator--5d2cae9d-608c-4017-87be-481a02de0b81",
"indicator--5d2cae9d-7bd4-4df5-8bdf-4c0802de0b81",
"indicator--5d2cae9d-fd18-4adb-8a21-4eee02de0b81",
"indicator--5d2cae9d-c658-4335-a822-407e02de0b81",
"indicator--5d2caf91-ddb0-4d8f-8152-4bbf02de0b81",
"observed-data--5d2cb1ad-acc0-4b2d-a95f-4c04e387cbd9",
"network-traffic--5d2cb1ad-acc0-4b2d-a95f-4c04e387cbd9",
"ipv4-addr--5d2cb1ad-acc0-4b2d-a95f-4c04e387cbd9",
"observed-data--5d2cb1ae-c9f4-4846-8276-4305e387cbd9",
"network-traffic--5d2cb1ae-c9f4-4846-8276-4305e387cbd9",
"ipv4-addr--5d2cb1ae-c9f4-4846-8276-4305e387cbd9",
"observed-data--5d2cb1b0-fae0-4af9-a278-4e5ae387cbd9",
"network-traffic--5d2cb1b0-fae0-4af9-a278-4e5ae387cbd9",
"ipv4-addr--5d2cb1b0-fae0-4af9-a278-4e5ae387cbd9",
"observed-data--5d2cb1b1-0bd4-4844-9628-490fe387cbd9",
"network-traffic--5d2cb1b1-0bd4-4844-9628-490fe387cbd9",
"ipv4-addr--5d2cb1b1-0bd4-4844-9628-490fe387cbd9",
"observed-data--5d2cb1b2-f578-40c4-bb51-4f0be387cbd9",
"network-traffic--5d2cb1b2-f578-40c4-bb51-4f0be387cbd9",
"ipv4-addr--5d2cb1b2-f578-40c4-bb51-4f0be387cbd9",
"observed-data--5d2cb1b3-daa0-4856-86f3-41fbe387cbd9",
"network-traffic--5d2cb1b3-daa0-4856-86f3-41fbe387cbd9",
"ipv4-addr--5d2cb1b3-daa0-4856-86f3-41fbe387cbd9",
"observed-data--5d2cb1b6-59b8-41a7-bb62-4b7de387cbd9",
"network-traffic--5d2cb1b6-59b8-41a7-bb62-4b7de387cbd9",
"ipv4-addr--5d2cb1b6-59b8-41a7-bb62-4b7de387cbd9",
"observed-data--5d2cb1b7-0f6c-49f8-a1a1-46b5e387cbd9",
"network-traffic--5d2cb1b7-0f6c-49f8-a1a1-46b5e387cbd9",
"ipv4-addr--5d2cb1b7-0f6c-49f8-a1a1-46b5e387cbd9",
"observed-data--5d2cb1bc-57a8-402c-bf0a-48dae387cbd9",
"network-traffic--5d2cb1bc-57a8-402c-bf0a-48dae387cbd9",
"ipv4-addr--5d2cb1bc-57a8-402c-bf0a-48dae387cbd9",
"indicator--5d2cb25b-18e4-4b9b-9dff-4dbe02de0b81",
"x-misp-attribute--5d2cb281-9ea8-457e-b4fd-4ada02de0b81",
"indicator--5d2cb2b1-63bc-457a-9f3b-429a02de0b81",
"indicator--5d2cb2b2-2b08-458c-a55f-443d02de0b81",
"indicator--5d2cb2b2-327c-4bc3-907c-404602de0b81",
"indicator--5d2cb2d2-ea6c-4c3d-9789-48ff02de0b81",
"indicator--5d2cb2d2-85f0-46c2-aa47-4fdf02de0b81",
"indicator--5d2cb2d2-251c-44ac-a8ff-482202de0b81",
"indicator--5d2cb2d2-8c98-448e-8f6b-451802de0b81",
"indicator--5d2cb2d2-f618-4373-936d-4e5002de0b81",
"indicator--5d2cb2d2-15ac-4588-87e0-481702de0b81",
"indicator--5d2cb2d2-76e0-4b97-a41f-497502de0b81",
"indicator--5d2cb2ec-8c84-4ac2-a0fc-4c1a02de0b81",
"indicator--5d2cb2ec-0554-4b04-b70f-46e402de0b81",
"indicator--5d2cb2ec-fcc8-4890-85bc-49ba02de0b81",
"indicator--5d2cb2ec-11b4-46cc-8f66-426d02de0b81",
"indicator--5d2cb2ec-86c8-4d2e-8f25-44b202de0b81",
"indicator--5d2cb2ec-e324-4981-bae1-495b02de0b81",
"indicator--5d2cb2ec-ea9c-4004-bfb5-4ef902de0b81",
"indicator--5d2cb2ec-561c-4376-b159-46e102de0b81",
"indicator--5d2cb2ec-55e8-474c-bf23-492e02de0b81",
"indicator--5d2cb2ec-e784-4aa2-83df-456402de0b81",
"indicator--5d2cb2ec-bcf8-414e-b7bf-409502de0b81",
"indicator--5d2cb2ec-0100-4c07-902f-484302de0b81",
"indicator--5d2caf42-e134-4c02-8eda-45d702de0b81",
"indicator--5d2caf6c-a478-4dd2-a816-4a5e02de0b81",
"indicator--90a459a2-ebdb-4229-9b32-7e02479444cf",
"x-misp-object--a99ed487-ccf6-481c-9b2e-31274a7de66b",
"indicator--fa3e47a5-e0ae-420e-9eaa-1242638e7cc3",
"x-misp-object--5942866c-758a-412c-b1e8-6d51f4978c65",
"indicator--a1f9e105-0d5f-471f-8da2-7b6af6110a47",
"x-misp-object--d20b466c-ddd8-4f9c-b27c-1e5abaabc9ad",
"indicator--5d2cb00d-a38c-4241-9ae1-40db02de0b81",
"indicator--5d2cb071-13f4-4927-b73c-409902de0b81",
"indicator--5d2cb0ad-7148-479f-b5ea-97a202de0b81",
"indicator--5d2cb145-d424-4c65-8ff4-401b02de0b81",
"indicator--5d2cb17f-e3a8-4d42-84c0-4cee02de0b81",
"indicator--f0efcfb4-d9f2-4fed-b2ab-07728dbefb63",
"x-misp-object--9ea6369a-c1e9-42ce-8c58-f359fe2f78d1",
"x-misp-object--5d15455c-9cb2-43a9-85f5-31c2c47f3f6a",
"indicator--ef9c46e1-2109-4f2d-a196-0b32db320dde",
"x-misp-object--57ad2c35-47de-4478-a5a2-ef662992dbd7",
"indicator--94899e17-3ab7-4ef6-b462-5511f61bebc5",
"x-misp-object--af2f967c-2424-4564-978c-5cdb327139f9",
"indicator--b7cc06ad-5ab0-4f8a-b454-f3795dd44acf",
"x-misp-object--6d2912db-ff65-482e-8a39-c7aa4d2f68a6",
"x-misp-object--8c40c4c1-8e29-4715-ac40-3403a10e3b6e",
"indicator--641d3a70-e79d-4e0c-ad91-1bf7ec2ffec4",
"x-misp-object--f00b6044-39c2-494d-9351-0a5aeea8581c",
"relationship--efd3a832-0b92-4bb2-a3db-eedbe84595f3",
"relationship--713e7107-d8b2-434c-8dc9-9ce6ea865d01",
"relationship--faa86864-e895-427b-b7a0-7a84c26b9d92",
"relationship--14a2d6bd-f486-4606-81d4-9103d139c216",
"relationship--49eaf81e-15bc-4ad3-a7a0-afd9a94f8e42",
"relationship--070538d0-77b7-460d-b6a3-c76e839b4158",
"relationship--68da5e71-293d-4691-af48-aed73110b77a",
"relationship--f6dfca8a-ef43-4ce0-bcba-8835638ba6aa",
"relationship--337bc13f-555e-4a17-84df-8555acfc126f",
"relationship--d5a80c79-cbe0-4ad3-865b-bc1459928d1e"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"75\"",
"misp-galaxy:malpedia=\"Agent Tesla\"",
"misp-galaxy:mitre-malware=\"Agent Tesla - S0331\"",
"misp-galaxy:tool=\"Agent Tesla\"",
"workflow:todo=\"create-missing-misp-galaxy-cluster\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d2cae46-6b2c-4405-84c0-aac302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:48:06.000Z",
"modified": "2019-07-15T16:48:06.000Z",
"first_observed": "2019-07-15T16:48:06Z",
"last_observed": "2019-07-15T16:48:06Z",
"number_observed": 1,
"object_refs": [
"url--5d2cae46-6b2c-4405-84c0-aac302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d2cae46-6b2c-4405-84c0-aac302de0b81",
"value": "https://blog.talosintelligence.com/2019/07/sweed-agent-tesla.html"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5d2cae5f-c280-4f19-8954-40d702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:48:31.000Z",
"modified": "2019-07-15T16:48:31.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Cisco Talos recently identified a large number of ongoing malware distribution campaigns linked to a threat actor we're calling \"SWEED,\" including such notable malware as Formbook, Lokibot and Agent Tesla. Based on our research, SWEED \u00e2\u20ac\u201d which has been operating since at least 2017 \u00e2\u20ac\u201d primarily targets their victims with stealers and remote access trojans.\r\n\r\nSWEED remains consistent across most of their campaigns in their use of spear-phishing emails with malicious attachments. While these campaigns have featured a myriad of different types of malicious documents, the actor primarily tries to infect its victims with a packed version of Agent Tesla \u00e2\u20ac\u201d an information stealer that's been around since at least 2014. The version of Agent Tesla that SWEED is using differs slightly from what we've seen in the past in the way that it is packed, as well as how it infects the system. In this post, we'll run down each campaign we're able to connect to SWEED, and talk about some of the actor's tactics, techniques and procedures (TTPs)."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae94-23d0-4a7e-8786-44ee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:24.000Z",
"modified": "2019-07-15T16:49:24.000Z",
"pattern": "[domain-name:value = 'sweeddehacklord.us']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9b-a984-4d8f-bff3-4f8f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:31.000Z",
"modified": "2019-07-15T16:49:31.000Z",
"pattern": "[domain-name:value = 'sweed-office.comie.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9b-f470-4a85-86f7-415a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:31.000Z",
"modified": "2019-07-15T16:49:31.000Z",
"pattern": "[domain-name:value = 'sweed-viki.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9b-6494-4e1b-85bc-4bfd02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:31.000Z",
"modified": "2019-07-15T16:49:31.000Z",
"pattern": "[domain-name:value = 'sweedoffice.duckdns.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9b-fe6c-438e-b707-427202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:31.000Z",
"modified": "2019-07-15T16:49:31.000Z",
"pattern": "[domain-name:value = 'sweedoffice-olamide.duckdns.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9b-5870-4176-a210-4b6202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:31.000Z",
"modified": "2019-07-15T16:49:31.000Z",
"pattern": "[domain-name:value = 'sweedoffice-chuks.duckdns.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9b-1e90-4e41-b3a1-407f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:31.000Z",
"modified": "2019-07-15T16:49:31.000Z",
"pattern": "[domain-name:value = 'www.sweedoffice-kc.duckdns.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9b-70e4-4321-ad36-4e3102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:31.000Z",
"modified": "2019-07-15T16:49:31.000Z",
"pattern": "[domain-name:value = 'sweedoffice-kc.duckdns.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9c-6690-4d02-a56e-46f102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:31.000Z",
"modified": "2019-07-15T16:49:31.000Z",
"pattern": "[domain-name:value = 'sweedoffice-goodman.duckdns.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9c-666c-4919-a174-4f5b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:32.000Z",
"modified": "2019-07-15T16:49:32.000Z",
"pattern": "[domain-name:value = 'sweedoffice-bosskobi.duckdns.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9c-2630-4021-82aa-426c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:32.000Z",
"modified": "2019-07-15T16:49:32.000Z",
"pattern": "[domain-name:value = 'www.sweedoffice-olamide.duckdns.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9c-f094-437b-9d54-4e9202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:32.000Z",
"modified": "2019-07-15T16:49:32.000Z",
"pattern": "[domain-name:value = 'www.sweedoffice-chuks.duckdns.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9c-383c-4889-9c11-48bd02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:32.000Z",
"modified": "2019-07-15T16:49:32.000Z",
"pattern": "[domain-name:value = 'aelna.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9c-3d7c-4b9a-80c4-476a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:32.000Z",
"modified": "2019-07-15T16:49:32.000Z",
"pattern": "[domain-name:value = 'candqre.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9c-e9ec-4029-86f3-4d6502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:32.000Z",
"modified": "2019-07-15T16:49:32.000Z",
"pattern": "[domain-name:value = 'spedaqinterfreight.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9c-0c4c-41e8-abc2-49f902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:32.000Z",
"modified": "2019-07-15T16:49:32.000Z",
"pattern": "[domain-name:value = 'worldjaquar.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9c-e824-4946-afd5-44d602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:32.000Z",
"modified": "2019-07-15T16:49:32.000Z",
"pattern": "[domain-name:value = 'zurieh.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9c-e01c-4903-99ef-45f102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:32.000Z",
"modified": "2019-07-15T16:49:32.000Z",
"pattern": "[domain-name:value = 'aiaininsurance.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9c-1524-4fdf-9b0f-4eea02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:32.000Z",
"modified": "2019-07-15T16:49:32.000Z",
"pattern": "[domain-name:value = 'aidanube.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9c-b44c-4332-9357-4b9b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:32.000Z",
"modified": "2019-07-15T16:49:32.000Z",
"pattern": "[domain-name:value = 'anernostat.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9c-e814-4e45-b039-471702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:32.000Z",
"modified": "2019-07-15T16:49:32.000Z",
"pattern": "[domain-name:value = 'blssleel.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9c-fc78-48ff-a437-49ac02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:32.000Z",
"modified": "2019-07-15T16:49:32.000Z",
"pattern": "[domain-name:value = 'bwayachtng.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9c-6c04-483c-ad36-43cd02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:32.000Z",
"modified": "2019-07-15T16:49:32.000Z",
"pattern": "[domain-name:value = 'cablsol.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9c-ca7c-4bf3-8693-4c6a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:32.000Z",
"modified": "2019-07-15T16:49:32.000Z",
"pattern": "[domain-name:value = 'catalanoshpping.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9c-617c-4f4d-afbb-468002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:32.000Z",
"modified": "2019-07-15T16:49:32.000Z",
"pattern": "[domain-name:value = 'cawus-coskunsu.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9c-b554-47fb-a7ca-4e0c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:32.000Z",
"modified": "2019-07-15T16:49:32.000Z",
"pattern": "[domain-name:value = 'crosspoiimeri.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9c-616c-437e-a2ac-443002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:32.000Z",
"modified": "2019-07-15T16:49:32.000Z",
"pattern": "[domain-name:value = 'dougiasbarwick.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9c-dd0c-4390-a52b-40ab02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:32.000Z",
"modified": "2019-07-15T16:49:32.000Z",
"pattern": "[domain-name:value = 'erieil.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9c-5934-4948-8ff3-4d4702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:32.000Z",
"modified": "2019-07-15T16:49:32.000Z",
"pattern": "[domain-name:value = 'etqworld.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9c-fadc-4eb9-9144-4c5c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:32.000Z",
"modified": "2019-07-15T16:49:32.000Z",
"pattern": "[domain-name:value = 'evegreen-shipping.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9c-ab64-4869-a410-4d9402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:32.000Z",
"modified": "2019-07-15T16:49:32.000Z",
"pattern": "[domain-name:value = 'gufageneys.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9c-2744-4ce8-9f5a-493902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:32.000Z",
"modified": "2019-07-15T16:49:32.000Z",
"pattern": "[domain-name:value = 'hybru.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9c-5dbc-41c0-9f73-428802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:32.000Z",
"modified": "2019-07-15T16:49:32.000Z",
"pattern": "[domain-name:value = 'intermodaishipping.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9c-4ed4-48cd-a0f2-4c3c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:32.000Z",
"modified": "2019-07-15T16:49:32.000Z",
"pattern": "[domain-name:value = 'jltqroup.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9c-ee10-46ac-a202-403702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:32.000Z",
"modified": "2019-07-15T16:49:32.000Z",
"pattern": "[domain-name:value = 'jyexports.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9c-a6e8-40a5-8b80-4f1902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:32.000Z",
"modified": "2019-07-15T16:49:32.000Z",
"pattern": "[domain-name:value = 'kayneslnterconnection.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9c-73d0-4b36-88a7-4bba02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:32.000Z",
"modified": "2019-07-15T16:49:32.000Z",
"pattern": "[domain-name:value = 'kn-habour.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9c-4b40-4b91-8181-496802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:32.000Z",
"modified": "2019-07-15T16:49:32.000Z",
"pattern": "[domain-name:value = 'leocouriercompany.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9c-f5e4-49a0-80db-405802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:32.000Z",
"modified": "2019-07-15T16:49:32.000Z",
"pattern": "[domain-name:value = 'lnnovalues.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9c-40f0-4b2c-8258-422302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:32.000Z",
"modified": "2019-07-15T16:49:32.000Z",
"pattern": "[domain-name:value = 'mglt-mea.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9c-f494-42ad-83cf-4ea002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:32.000Z",
"modified": "2019-07-15T16:49:32.000Z",
"pattern": "[domain-name:value = 'mti-transt.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9c-d1f8-4f4c-9f7a-477f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:32.000Z",
"modified": "2019-07-15T16:49:32.000Z",
"pattern": "[domain-name:value = 'profbuiiders.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9c-1620-4928-9e19-4e4002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:32.000Z",
"modified": "2019-07-15T16:49:32.000Z",
"pattern": "[domain-name:value = 'quycarp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9c-1588-4f6c-8060-436302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:32.000Z",
"modified": "2019-07-15T16:49:32.000Z",
"pattern": "[domain-name:value = 'regionaitradeinspections.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9c-4d0c-483a-b9d8-4c2c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:32.000Z",
"modified": "2019-07-15T16:49:32.000Z",
"pattern": "[domain-name:value = 'repotc.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9c-f130-492c-92f9-464f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:32.000Z",
"modified": "2019-07-15T16:49:32.000Z",
"pattern": "[domain-name:value = 'rsaqencies.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9c-1e40-4218-9feb-45cd02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:32.000Z",
"modified": "2019-07-15T16:49:32.000Z",
"pattern": "[domain-name:value = 'samhwansleel.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9c-3474-4e94-977c-4c0302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:32.000Z",
"modified": "2019-07-15T16:49:32.000Z",
"pattern": "[domain-name:value = 'serec.us']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9c-c488-45f0-8cfd-438702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:32.000Z",
"modified": "2019-07-15T16:49:32.000Z",
"pattern": "[domain-name:value = 'snapqata.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9c-fffc-4d13-813c-445f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:32.000Z",
"modified": "2019-07-15T16:49:32.000Z",
"pattern": "[domain-name:value = 'sukrltiv.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9d-9a5c-46b2-a8d5-433602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:33.000Z",
"modified": "2019-07-15T16:49:33.000Z",
"pattern": "[domain-name:value = 'supe-lab.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9d-ba14-4774-bef4-44ba02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:33.000Z",
"modified": "2019-07-15T16:49:33.000Z",
"pattern": "[domain-name:value = 'usarmy-mill.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9d-b4e8-4287-ba31-414d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:33.000Z",
"modified": "2019-07-15T16:49:33.000Z",
"pattern": "[domain-name:value = 'virdtech.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9d-bba0-4b0c-ad26-44b302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:33.000Z",
"modified": "2019-07-15T16:49:33.000Z",
"pattern": "[domain-name:value = 'willistoweswatson.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9d-608c-4017-87be-481a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:33.000Z",
"modified": "2019-07-15T16:49:33.000Z",
"pattern": "[domain-name:value = 'xlnya-cn.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9d-7bd4-4df5-8bdf-4c0802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:33.000Z",
"modified": "2019-07-15T16:49:33.000Z",
"pattern": "[domain-name:value = 'zarpac.us']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9d-fd18-4adb-8a21-4eee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:33.000Z",
"modified": "2019-07-15T16:49:33.000Z",
"pattern": "[domain-name:value = 'oralbdentaltreatment.tk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cae9d-c658-4335-a822-407e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:49:33.000Z",
"modified": "2019-07-15T16:49:33.000Z",
"pattern": "[domain-name:value = 'wlttraco.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:49:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2caf91-ddb0-4d8f-8152-4bbf02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:53:37.000Z",
"modified": "2019-07-15T16:53:37.000Z",
"description": "Agent Tesla - Campaign #1",
"pattern": "[file:hashes.SHA256 = '8c8f755b427b32e3eb528f5b59805b1532af3f627d690603ac12bf924289f36f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:53:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload installation"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload installation\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d2cb1ad-acc0-4b2d-a95f-4c04e387cbd9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:02:37.000Z",
"modified": "2019-07-15T17:02:37.000Z",
"first_observed": "2019-07-15T17:02:37Z",
"last_observed": "2019-07-15T17:02:37Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5d2cb1ad-acc0-4b2d-a95f-4c04e387cbd9",
"ipv4-addr--5d2cb1ad-acc0-4b2d-a95f-4c04e387cbd9"
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5d2cb1ad-acc0-4b2d-a95f-4c04e387cbd9",
"src_ref": "ipv4-addr--5d2cb1ad-acc0-4b2d-a95f-4c04e387cbd9",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5d2cb1ad-acc0-4b2d-a95f-4c04e387cbd9",
"value": "198.54.125.61"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d2cb1ae-c9f4-4846-8276-4305e387cbd9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:02:38.000Z",
"modified": "2019-07-15T17:02:38.000Z",
"first_observed": "2019-07-15T17:02:38Z",
"last_observed": "2019-07-15T17:02:38Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5d2cb1ae-c9f4-4846-8276-4305e387cbd9",
"ipv4-addr--5d2cb1ae-c9f4-4846-8276-4305e387cbd9"
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5d2cb1ae-c9f4-4846-8276-4305e387cbd9",
"src_ref": "ipv4-addr--5d2cb1ae-c9f4-4846-8276-4305e387cbd9",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5d2cb1ae-c9f4-4846-8276-4305e387cbd9",
"value": "84.38.134.121"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d2cb1b0-fae0-4af9-a278-4e5ae387cbd9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:02:40.000Z",
"modified": "2019-07-15T17:02:40.000Z",
"first_observed": "2019-07-15T17:02:40Z",
"last_observed": "2019-07-15T17:02:40Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5d2cb1b0-fae0-4af9-a278-4e5ae387cbd9",
"ipv4-addr--5d2cb1b0-fae0-4af9-a278-4e5ae387cbd9"
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5d2cb1b0-fae0-4af9-a278-4e5ae387cbd9",
"src_ref": "ipv4-addr--5d2cb1b0-fae0-4af9-a278-4e5ae387cbd9",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5d2cb1b0-fae0-4af9-a278-4e5ae387cbd9",
"value": "185.26.122.68"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d2cb1b1-0bd4-4844-9628-490fe387cbd9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:02:41.000Z",
"modified": "2019-07-15T17:02:41.000Z",
"first_observed": "2019-07-15T17:02:41Z",
"last_observed": "2019-07-15T17:02:41Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5d2cb1b1-0bd4-4844-9628-490fe387cbd9",
"ipv4-addr--5d2cb1b1-0bd4-4844-9628-490fe387cbd9"
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5d2cb1b1-0bd4-4844-9628-490fe387cbd9",
"src_ref": "ipv4-addr--5d2cb1b1-0bd4-4844-9628-490fe387cbd9",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5d2cb1b1-0bd4-4844-9628-490fe387cbd9",
"value": "208.91.197.91"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d2cb1b2-f578-40c4-bb51-4f0be387cbd9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:02:42.000Z",
"modified": "2019-07-15T17:02:42.000Z",
"first_observed": "2019-07-15T17:02:42Z",
"last_observed": "2019-07-15T17:02:42Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5d2cb1b2-f578-40c4-bb51-4f0be387cbd9",
"ipv4-addr--5d2cb1b2-f578-40c4-bb51-4f0be387cbd9"
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5d2cb1b2-f578-40c4-bb51-4f0be387cbd9",
"src_ref": "ipv4-addr--5d2cb1b2-f578-40c4-bb51-4f0be387cbd9",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5d2cb1b2-f578-40c4-bb51-4f0be387cbd9",
"value": "154.80.172.212"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d2cb1b3-daa0-4856-86f3-41fbe387cbd9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:02:43.000Z",
"modified": "2019-07-15T17:02:43.000Z",
"first_observed": "2019-07-15T17:02:43Z",
"last_observed": "2019-07-15T17:02:43Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5d2cb1b3-daa0-4856-86f3-41fbe387cbd9",
"ipv4-addr--5d2cb1b3-daa0-4856-86f3-41fbe387cbd9"
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5d2cb1b3-daa0-4856-86f3-41fbe387cbd9",
"src_ref": "ipv4-addr--5d2cb1b3-daa0-4856-86f3-41fbe387cbd9",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5d2cb1b3-daa0-4856-86f3-41fbe387cbd9",
"value": "46.21.144.100"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d2cb1b6-59b8-41a7-bb62-4b7de387cbd9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:02:46.000Z",
"modified": "2019-07-15T17:02:46.000Z",
"first_observed": "2019-07-15T17:02:46Z",
"last_observed": "2019-07-15T17:02:46Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5d2cb1b6-59b8-41a7-bb62-4b7de387cbd9",
"ipv4-addr--5d2cb1b6-59b8-41a7-bb62-4b7de387cbd9"
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5d2cb1b6-59b8-41a7-bb62-4b7de387cbd9",
"src_ref": "ipv4-addr--5d2cb1b6-59b8-41a7-bb62-4b7de387cbd9",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5d2cb1b6-59b8-41a7-bb62-4b7de387cbd9",
"value": "151.80.88.242"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d2cb1b7-0f6c-49f8-a1a1-46b5e387cbd9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:02:47.000Z",
"modified": "2019-07-15T17:02:47.000Z",
"first_observed": "2019-07-15T17:02:47Z",
"last_observed": "2019-07-15T17:02:47Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5d2cb1b7-0f6c-49f8-a1a1-46b5e387cbd9",
"ipv4-addr--5d2cb1b7-0f6c-49f8-a1a1-46b5e387cbd9"
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5d2cb1b7-0f6c-49f8-a1a1-46b5e387cbd9",
"src_ref": "ipv4-addr--5d2cb1b7-0f6c-49f8-a1a1-46b5e387cbd9",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5d2cb1b7-0f6c-49f8-a1a1-46b5e387cbd9",
"value": "209.99.40.222"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d2cb1bc-57a8-402c-bf0a-48dae387cbd9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:02:52.000Z",
"modified": "2019-07-15T17:02:52.000Z",
"first_observed": "2019-07-15T17:02:52Z",
"last_observed": "2019-07-15T17:02:52Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5d2cb1bc-57a8-402c-bf0a-48dae387cbd9",
"ipv4-addr--5d2cb1bc-57a8-402c-bf0a-48dae387cbd9"
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5d2cb1bc-57a8-402c-bf0a-48dae387cbd9",
"src_ref": "ipv4-addr--5d2cb1bc-57a8-402c-bf0a-48dae387cbd9",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5d2cb1bc-57a8-402c-bf0a-48dae387cbd9",
"value": "209.99.40.223"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cb25b-18e4-4b9b-9dff-4dbe02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:05:31.000Z",
"modified": "2019-07-15T17:05:31.000Z",
"pattern": "[windows-registry-key:key = 'HKCU\\\\Software\\\\Classes\\\\ms-settings\\\\shell\\\\open\\\\command']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T17:05:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"regkey\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5d2cb281-9ea8-457e-b4fd-4ada02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:06:09.000Z",
"modified": "2019-07-15T17:06:09.000Z",
"labels": [
"misp:type=\"whois-registrant-email\"",
"misp:category=\"Social network\""
],
"x_misp_category": "Social network",
"x_misp_type": "whois-registrant-email",
"x_misp_value": "aaras480@gmail.com"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cb2b1-63bc-457a-9f3b-429a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:06:57.000Z",
"modified": "2019-07-15T17:06:57.000Z",
"description": "For example, in June 2019, the following URLs were hosting malicious content associated with these campaigns:",
"pattern": "[url:value = 'http://aelna.com/file/chuks.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T17:06:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cb2b2-2b08-458c-a55f-443d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:06:58.000Z",
"modified": "2019-07-15T17:06:58.000Z",
"description": "For example, in June 2019, the following URLs were hosting malicious content associated with these campaigns:",
"pattern": "[url:value = 'http://aelna.com/file/sweed.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T17:06:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cb2b2-327c-4bc3-907c-404602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:06:58.000Z",
"modified": "2019-07-15T17:06:58.000Z",
"description": "For example, in June 2019, the following URLs were hosting malicious content associated with these campaigns:",
"pattern": "[url:value = 'http://aelna.com/file/duke.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T17:06:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cb2d2-ea6c-4c3d-9789-48ff02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:07:30.000Z",
"modified": "2019-07-15T17:07:30.000Z",
"description": "In several cases, the directory structure present on the distribution servers contained multiple directories hosting malicious files, an example listing below using the domain sodismodisfrance[.]cf",
"pattern": "[url:value = 'sodimodisfrance.cf/2/chuks.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T17:07:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cb2d2-85f0-46c2-aa47-4fdf02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:07:30.000Z",
"modified": "2019-07-15T17:07:30.000Z",
"description": "In several cases, the directory structure present on the distribution servers contained multiple directories hosting malicious files, an example listing below using the domain sodismodisfrance[.]cf",
"pattern": "[url:value = 'sodimodisfrance.cf/6/chuks.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T17:07:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cb2d2-251c-44ac-a8ff-482202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:07:30.000Z",
"modified": "2019-07-15T17:07:30.000Z",
"description": "In several cases, the directory structure present on the distribution servers contained multiple directories hosting malicious files, an example listing below using the domain sodismodisfrance[.]cf",
"pattern": "[url:value = 'sodimodisfrance.cf/5/goodman.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T17:07:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cb2d2-8c98-448e-8f6b-451802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:07:30.000Z",
"modified": "2019-07-15T17:07:30.000Z",
"description": "In several cases, the directory structure present on the distribution servers contained multiple directories hosting malicious files, an example listing below using the domain sodismodisfrance[.]cf",
"pattern": "[url:value = 'sodimodisfrance.cf/1/chuks.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T17:07:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cb2d2-f618-4373-936d-4e5002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:07:30.000Z",
"modified": "2019-07-15T17:07:30.000Z",
"description": "In several cases, the directory structure present on the distribution servers contained multiple directories hosting malicious files, an example listing below using the domain sodismodisfrance[.]cf",
"pattern": "[url:value = 'sodimodisfrance.cf/1/hipkid.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T17:07:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cb2d2-15ac-4588-87e0-481702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:07:30.000Z",
"modified": "2019-07-15T17:07:30.000Z",
"description": "In several cases, the directory structure present on the distribution servers contained multiple directories hosting malicious files, an example listing below using the domain sodismodisfrance[.]cf",
"pattern": "[url:value = 'sodimodisfrance.cf/5/sweed.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T17:07:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cb2d2-76e0-4b97-a41f-497502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:07:30.000Z",
"modified": "2019-07-15T17:07:30.000Z",
"description": "In several cases, the directory structure present on the distribution servers contained multiple directories hosting malicious files, an example listing below using the domain sodismodisfrance[.]cf",
"pattern": "[url:value = 'sodimodisfrance.cf/2/duke.boys.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T17:07:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cb2ec-8c84-4ac2-a0fc-4c1a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:07:56.000Z",
"modified": "2019-07-15T17:07:56.000Z",
"description": "In analyzing the malware activity associated with SWEED, we also investigated the use of interesting paths in the hosting of the administration panels associated with the various RATs and stealers being distributed by this group. Indeed, on a single C2 server, we identified several panel with the following URLs:",
"pattern": "[url:value = 'sweed-office.comie.ru/goodman/panel']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T17:07:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cb2ec-0554-4b04-b70f-46e402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:07:56.000Z",
"modified": "2019-07-15T17:07:56.000Z",
"description": "In analyzing the malware activity associated with SWEED, we also investigated the use of interesting paths in the hosting of the administration panels associated with the various RATs and stealers being distributed by this group. Indeed, on a single C2 server, we identified several panel with the following URLs:",
"pattern": "[url:value = 'sweed-office.comie.ru/kc/panel/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T17:07:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cb2ec-fcc8-4890-85bc-49ba02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:07:56.000Z",
"modified": "2019-07-15T17:07:56.000Z",
"description": "In analyzing the malware activity associated with SWEED, we also investigated the use of interesting paths in the hosting of the administration panels associated with the various RATs and stealers being distributed by this group. Indeed, on a single C2 server, we identified several panel with the following URLs:",
"pattern": "[url:value = 'wlttraco.com/sweed-office/omee/panel/login.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T17:07:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cb2ec-11b4-46cc-8f66-426d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:07:56.000Z",
"modified": "2019-07-15T17:07:56.000Z",
"description": "In analyzing the malware activity associated with SWEED, we also investigated the use of interesting paths in the hosting of the administration panels associated with the various RATs and stealers being distributed by this group. Indeed, on a single C2 server, we identified several panel with the following URLs:",
"pattern": "[url:value = 'wlttraco.com/sweed-client/humble1/panel/post.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T17:07:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cb2ec-86c8-4d2e-8f25-44b202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:07:56.000Z",
"modified": "2019-07-15T17:07:56.000Z",
"description": "In analyzing the malware activity associated with SWEED, we also investigated the use of interesting paths in the hosting of the administration panels associated with the various RATs and stealers being distributed by this group. Indeed, on a single C2 server, we identified several panel with the following URLs:",
"pattern": "[url:value = 'wlttraco.com/sweed-client/sima/panel/post.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T17:07:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cb2ec-e324-4981-bae1-495b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:07:56.000Z",
"modified": "2019-07-15T17:07:56.000Z",
"description": "In analyzing the malware activity associated with SWEED, we also investigated the use of interesting paths in the hosting of the administration panels associated with the various RATs and stealers being distributed by this group. Indeed, on a single C2 server, we identified several panel with the following URLs:",
"pattern": "[url:value = 'wlttraco.com/sweed-office/omee/panel/post.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T17:07:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cb2ec-ea9c-4004-bfb5-4ef902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:07:56.000Z",
"modified": "2019-07-15T17:07:56.000Z",
"description": "In analyzing the malware activity associated with SWEED, we also investigated the use of interesting paths in the hosting of the administration panels associated with the various RATs and stealers being distributed by this group. Indeed, on a single C2 server, we identified several panel with the following URLs:",
"pattern": "[url:value = 'wlttraco.com/sweed-office/kc/panel/post.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T17:07:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cb2ec-561c-4376-b159-46e102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:07:56.000Z",
"modified": "2019-07-15T17:07:56.000Z",
"description": "In analyzing the malware activity associated with SWEED, we also investigated the use of interesting paths in the hosting of the administration panels associated with the various RATs and stealers being distributed by this group. Indeed, on a single C2 server, we identified several panel with the following URLs:",
"pattern": "[url:value = 'wlttraco.com/sweed-office/olamide/panel/post.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T17:07:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cb2ec-55e8-474c-bf23-492e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:07:56.000Z",
"modified": "2019-07-15T17:07:56.000Z",
"description": "In analyzing the malware activity associated with SWEED, we also investigated the use of interesting paths in the hosting of the administration panels associated with the various RATs and stealers being distributed by this group. Indeed, on a single C2 server, we identified several panel with the following URLs:",
"pattern": "[url:value = 'wlttraco.com/sweed-office/jamil/panel/post.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T17:07:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cb2ec-e784-4aa2-83df-456402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:07:56.000Z",
"modified": "2019-07-15T17:07:56.000Z",
"description": "In analyzing the malware activity associated with SWEED, we also investigated the use of interesting paths in the hosting of the administration panels associated with the various RATs and stealers being distributed by this group. Indeed, on a single C2 server, we identified several panel with the following URLs:",
"pattern": "[url:value = 'wlttraco.com/sweed-client/niggab/panel/post.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T17:07:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cb2ec-bcf8-414e-b7bf-409502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:07:56.000Z",
"modified": "2019-07-15T17:07:56.000Z",
"description": "In analyzing the malware activity associated with SWEED, we also investigated the use of interesting paths in the hosting of the administration panels associated with the various RATs and stealers being distributed by this group. Indeed, on a single C2 server, we identified several panel with the following URLs:",
"pattern": "[url:value = 'wlttraco.com/sweed-client/humble2/panel/post.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T17:07:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cb2ec-0100-4c07-902f-484302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:07:56.000Z",
"modified": "2019-07-15T17:07:56.000Z",
"description": "In analyzing the malware activity associated with SWEED, we also investigated the use of interesting paths in the hosting of the administration panels associated with the various RATs and stealers being distributed by this group. Indeed, on a single C2 server, we identified several panel with the following URLs:",
"pattern": "[url:value = 'wlttraco.com/sweed-office/harry/panel/post.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T17:07:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2caf42-e134-4c02-8eda-45d702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:52:18.000Z",
"modified": "2019-07-15T16:52:18.000Z",
"description": " Campaign #1",
"pattern": "[file:hashes.SHA256 = '59b15f6ace090d05ac5f7692ef834433d8504352a7f45e80e7feb05298d9c2dd' AND file:name = 'Java_Updater.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:52:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2caf6c-a478-4dd2-a816-4a5e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:53:00.000Z",
"modified": "2019-07-15T16:53:00.000Z",
"description": " Campaign #1",
"pattern": "[file:hashes.SHA256 = 'e397ba1674a6dc470281c0c83acd70fd4d772bf8dcf23bf2c692db6575f6ab08' AND file:name = 'P-O of Jun2017.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:53:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--90a459a2-ebdb-4229-9b32-7e02479444cf",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:54:12.000Z",
"modified": "2019-07-15T16:54:12.000Z",
"pattern": "[file:hashes.MD5 = '1be08ed45c512f6daab34519995dda63' AND file:hashes.SHA1 = '4a4fa608ccdbae42ef3ed708b08b6bbacda20908' AND file:hashes.SHA256 = '8c8f755b427b32e3eb528f5b59805b1532af3f627d690603ac12bf924289f36f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:54:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--a99ed487-ccf6-481c-9b2e-31274a7de66b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:54:13.000Z",
"modified": "2019-07-15T16:54:13.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-03-26T19:06:29",
"category": "Other",
"comment": "Agent Tesla - Campaign #1",
"uuid": "af28189f-7f1d-41a8-8c73-c9ea120555ca"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/8c8f755b427b32e3eb528f5b59805b1532af3f627d690603ac12bf924289f36f/analysis/1522091189/",
"category": "External analysis",
"comment": "Agent Tesla - Campaign #1",
"uuid": "80f8f1b1-1a11-44ca-9efa-a09ab8cc83d5"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "46/66",
"category": "Payload installation",
"comment": "Agent Tesla - Campaign #1",
"uuid": "eea81aef-999f-4df6-8f60-eec0e32da997"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fa3e47a5-e0ae-420e-9eaa-1242638e7cc3",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:02:03.000Z",
"modified": "2019-07-15T17:02:03.000Z",
"pattern": "[file:hashes.MD5 = 'bf58485904f69fb91b11cd802f6d76ca' AND file:hashes.SHA1 = 'ae8f8bb3e7cfdeed7317b6eea7ef0cec4113b519' AND file:hashes.SHA256 = 'e397ba1674a6dc470281c0c83acd70fd4d772bf8dcf23bf2c692db6575f6ab08']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T17:02:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5942866c-758a-412c-b1e8-6d51f4978c65",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:54:13.000Z",
"modified": "2019-07-15T16:54:13.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-06-22T12:36:27",
"category": "Other",
"uuid": "65f4da1c-0f6c-4b4a-a272-75e00434483e"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/e397ba1674a6dc470281c0c83acd70fd4d772bf8dcf23bf2c692db6575f6ab08/analysis/1498134987/",
"category": "Payload delivery",
"uuid": "842578a7-27e5-4718-bb4c-479b7cb369ac"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "9/59",
"category": "Payload delivery",
"uuid": "5df2aec9-e3a5-48b2-a5f6-bd1ac1a30d9e"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a1f9e105-0d5f-471f-8da2-7b6af6110a47",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:02:03.000Z",
"modified": "2019-07-15T17:02:03.000Z",
"pattern": "[file:hashes.MD5 = 'a313f809b1faf1643e0201e29cb4cbc0' AND file:hashes.SHA1 = '2dd851466760b8b35226e83b2bfa36a379c03db6' AND file:hashes.SHA256 = '59b15f6ace090d05ac5f7692ef834433d8504352a7f45e80e7feb05298d9c2dd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T17:02:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d20b466c-ddd8-4f9c-b27c-1e5abaabc9ad",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:54:14.000Z",
"modified": "2019-07-15T16:54:14.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-10-12T13:33:10",
"category": "Other",
"uuid": "553d5faf-a8ce-445a-82a9-3e17363cd1da"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/59b15f6ace090d05ac5f7692ef834433d8504352a7f45e80e7feb05298d9c2dd/analysis/1507815190/",
"category": "Payload delivery",
"uuid": "c14e58b2-77a5-46d7-ab6d-9afbf6ab18c7"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "48/66",
"category": "Payload delivery",
"uuid": "0161d30e-d327-4df9-a166-658673b5b49a"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cb00d-a38c-4241-9ae1-40db02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:55:41.000Z",
"modified": "2019-07-15T16:55:41.000Z",
"description": " Campaign #2",
"pattern": "[file:hashes.SHA256 = 'd27a29bdb0492b25bf71e536c8a1fae8373a4b57f01ad7481006f6849b246a97' AND file:name = 'Java sample']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:55:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cb071-13f4-4927-b73c-409902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:57:21.000Z",
"modified": "2019-07-15T16:57:21.000Z",
"description": " Campaign #3",
"pattern": "[file:hashes.SHA256 = '65bdd250aa4b4809edc32faeba2781864a3fee7e53e1f768b35a2bdedbb1243b' AND file:name = 'New Order For Quotation.ppsx']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:57:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cb0ad-7148-479f-b5ea-97a202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T16:58:21.000Z",
"modified": "2019-07-15T16:58:21.000Z",
"description": " Campaign #4",
"pattern": "[file:hashes.SHA256 = '111e1fff673466cedaed8011218a8d65f84bee48d5ce6d7e8f62cb37df75e671' AND file:name = 'SETTLEMENT OF OUTSTANDING.xlsx']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T16:58:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cb145-d424-4c65-8ff4-401b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:00:53.000Z",
"modified": "2019-07-15T17:00:53.000Z",
"description": " Campaign #5",
"pattern": "[file:hashes.SHA256 = '1dd4ac4925b58a2833b5c8969e7c5b5ff5ec590b376d520e6c0a114b941e2075' AND file:name = 'Request and specification of our new order.xls']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T17:00:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d2cb17f-e3a8-4d42-84c0-4cee02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:01:51.000Z",
"modified": "2019-07-15T17:01:51.000Z",
"description": " Campaign #5",
"pattern": "[file:hashes.SHA256 = 'fa6557302758bbea203967e70477336ac7a054b1df5a71d2fb6d822884e4e34f' AND file:name = 'Agent Tesla']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T17:01:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--f0efcfb4-d9f2-4fed-b2ab-07728dbefb63",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:02:03.000Z",
"modified": "2019-07-15T17:02:03.000Z",
"pattern": "[file:hashes.MD5 = '8e0b8b5200e879d7a4a62df5ea30253a' AND file:hashes.SHA1 = '50c9dea7c3b2f396f22612f14dae00880ceffa9a' AND file:hashes.SHA256 = '1dd4ac4925b58a2833b5c8969e7c5b5ff5ec590b376d520e6c0a114b941e2075']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T17:02:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--9ea6369a-c1e9-42ce-8c58-f359fe2f78d1",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:02:03.000Z",
"modified": "2019-07-15T17:02:03.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-07-15T06:00:54",
"category": "Other",
"uuid": "dabea056-538d-4442-b633-26c8a44edf75"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/1dd4ac4925b58a2833b5c8969e7c5b5ff5ec590b376d520e6c0a114b941e2075/analysis/1563170454/",
"category": "Payload delivery",
"uuid": "f41b268d-f903-4aa4-b5ba-1e19066d5e42"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "32/60",
"category": "Payload delivery",
"uuid": "4cc2f15c-563f-4209-9583-41628ba52ea3"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--5d15455c-9cb2-43a9-85f5-31c2c47f3f6a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:02:03.000Z",
"modified": "2019-07-15T17:02:03.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-10-12T13:33:10",
"category": "Other",
"uuid": "5f522c75-9e97-494d-9194-a6b93776287a"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/59b15f6ace090d05ac5f7692ef834433d8504352a7f45e80e7feb05298d9c2dd/analysis/1507815190/",
"category": "Payload delivery",
"uuid": "ad0b5f4e-0fff-4f75-be53-6265f58c29c1"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "48/66",
"category": "Payload delivery",
"uuid": "356ef8ff-0235-4e8f-bb33-8249a5caf79e"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ef9c46e1-2109-4f2d-a196-0b32db320dde",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:02:03.000Z",
"modified": "2019-07-15T17:02:03.000Z",
"pattern": "[file:hashes.MD5 = '675b17eed5c3c5e0bb5ab937753672bb' AND file:hashes.SHA1 = '72d382cbf08d3f3fe2429eceed8a706b1b44fd65' AND file:hashes.SHA256 = '65bdd250aa4b4809edc32faeba2781864a3fee7e53e1f768b35a2bdedbb1243b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T17:02:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--57ad2c35-47de-4478-a5a2-ef662992dbd7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:02:04.000Z",
"modified": "2019-07-15T17:02:04.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-11-18T19:17:10",
"category": "Other",
"uuid": "aa822b4a-e563-4929-b1ba-7bf06ac4c469"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/65bdd250aa4b4809edc32faeba2781864a3fee7e53e1f768b35a2bdedbb1243b/analysis/1542568630/",
"category": "Payload delivery",
"uuid": "4c438a43-6d73-412c-b2d0-0c36ee8a04c0"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "20/56",
"category": "Payload delivery",
"uuid": "e4e98012-9f66-4620-a3a9-2d899b277a8e"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--94899e17-3ab7-4ef6-b462-5511f61bebc5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:02:04.000Z",
"modified": "2019-07-15T17:02:04.000Z",
"pattern": "[file:hashes.MD5 = 'f082f44b0f4e52c44a6116e34ecb2a78' AND file:hashes.SHA1 = 'a2b75fce3fc2baf11eae550d05aa1fbe170be546' AND file:hashes.SHA256 = '111e1fff673466cedaed8011218a8d65f84bee48d5ce6d7e8f62cb37df75e671']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T17:02:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--af2f967c-2424-4564-978c-5cdb327139f9",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:02:04.000Z",
"modified": "2019-07-15T17:02:04.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-11-18T19:12:47",
"category": "Other",
"uuid": "d0b8bb66-599a-448b-a8b5-674d8fdb2cb2"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/111e1fff673466cedaed8011218a8d65f84bee48d5ce6d7e8f62cb37df75e671/analysis/1542568367/",
"category": "Payload delivery",
"uuid": "e872a407-273f-4376-a8a1-49e69b57e6e7"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "32/59",
"category": "Payload delivery",
"uuid": "934ba945-fbe4-4884-ad0d-dc8fa9cd8a20"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b7cc06ad-5ab0-4f8a-b454-f3795dd44acf",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:02:04.000Z",
"modified": "2019-07-15T17:02:04.000Z",
"pattern": "[file:hashes.MD5 = 'fc23bd61f8af13293fd960e6cb202145' AND file:hashes.SHA1 = 'd3e1421263a60abd5e58a49c3f02282710917210' AND file:hashes.SHA256 = 'fa6557302758bbea203967e70477336ac7a054b1df5a71d2fb6d822884e4e34f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T17:02:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--6d2912db-ff65-482e-8a39-c7aa4d2f68a6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:02:04.000Z",
"modified": "2019-07-15T17:02:04.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2019-06-18T02:08:00",
"category": "Other",
"uuid": "89006026-47b7-45f8-ac3c-64326ebbe3ca"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/fa6557302758bbea203967e70477336ac7a054b1df5a71d2fb6d822884e4e34f/analysis/1560823680/",
"category": "Payload delivery",
"uuid": "9cbf73dd-b749-4402-9737-395a241e805d"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "45/66",
"category": "Payload delivery",
"uuid": "d602cb8b-f80f-4839-aab8-eaadae303222"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--8c40c4c1-8e29-4715-ac40-3403a10e3b6e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:02:05.000Z",
"modified": "2019-07-15T17:02:05.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-06-22T12:36:27",
"category": "Other",
"uuid": "5cbc4dea-fefe-4d73-ac3a-99c822b7118b"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/e397ba1674a6dc470281c0c83acd70fd4d772bf8dcf23bf2c692db6575f6ab08/analysis/1498134987/",
"category": "Payload delivery",
"uuid": "8c6cfdd3-0eff-4938-a5d3-1ae36045c254"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "9/59",
"category": "Payload delivery",
"uuid": "2cf448aa-f7c9-48a8-825e-4a5ee6733ec5"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--641d3a70-e79d-4e0c-ad91-1bf7ec2ffec4",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:02:05.000Z",
"modified": "2019-07-15T17:02:05.000Z",
"pattern": "[file:hashes.MD5 = 'bcfe2c56500d6f58e8e3f4b5a35fb155' AND file:hashes.SHA1 = 'f36b3a4353cddc2909f534a5dbf4f631c4c941a9' AND file:hashes.SHA256 = 'd27a29bdb0492b25bf71e536c8a1fae8373a4b57f01ad7481006f6849b246a97']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-07-15T17:02:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--f00b6044-39c2-494d-9351-0a5aeea8581c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-07-15T17:02:05.000Z",
"modified": "2019-07-15T17:02:05.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-11-15T07:22:45",
"category": "Other",
"uuid": "ba91dac5-b7af-42b4-a351-b43c4cb949ea"
},
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/d27a29bdb0492b25bf71e536c8a1fae8373a4b57f01ad7481006f6849b246a97/analysis/1542266565/",
"category": "Payload delivery",
"uuid": "891da064-eda3-4824-94a3-6d7950aedd8c"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "22/58",
"category": "Payload delivery",
"uuid": "b2320be1-2302-421d-8aa1-07110023f45a"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--efd3a832-0b92-4bb2-a3db-eedbe84595f3",
"created": "2019-07-15T16:54:14.000Z",
"modified": "2019-07-15T16:54:14.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--90a459a2-ebdb-4229-9b32-7e02479444cf",
"target_ref": "x-misp-object--a99ed487-ccf6-481c-9b2e-31274a7de66b"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--713e7107-d8b2-434c-8dc9-9ce6ea865d01",
"created": "2019-07-15T16:54:15.000Z",
"modified": "2019-07-15T16:54:15.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--fa3e47a5-e0ae-420e-9eaa-1242638e7cc3",
"target_ref": "x-misp-object--5942866c-758a-412c-b1e8-6d51f4978c65"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--faa86864-e895-427b-b7a0-7a84c26b9d92",
"created": "2019-07-15T17:02:05.000Z",
"modified": "2019-07-15T17:02:05.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--fa3e47a5-e0ae-420e-9eaa-1242638e7cc3",
"target_ref": "x-misp-object--8c40c4c1-8e29-4715-ac40-3403a10e3b6e"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--14a2d6bd-f486-4606-81d4-9103d139c216",
"created": "2019-07-15T16:54:15.000Z",
"modified": "2019-07-15T16:54:15.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--a1f9e105-0d5f-471f-8da2-7b6af6110a47",
"target_ref": "x-misp-object--d20b466c-ddd8-4f9c-b27c-1e5abaabc9ad"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--49eaf81e-15bc-4ad3-a7a0-afd9a94f8e42",
"created": "2019-07-15T17:02:06.000Z",
"modified": "2019-07-15T17:02:06.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--a1f9e105-0d5f-471f-8da2-7b6af6110a47",
"target_ref": "x-misp-object--5d15455c-9cb2-43a9-85f5-31c2c47f3f6a"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--070538d0-77b7-460d-b6a3-c76e839b4158",
"created": "2019-07-15T17:02:06.000Z",
"modified": "2019-07-15T17:02:06.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--f0efcfb4-d9f2-4fed-b2ab-07728dbefb63",
"target_ref": "x-misp-object--9ea6369a-c1e9-42ce-8c58-f359fe2f78d1"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--68da5e71-293d-4691-af48-aed73110b77a",
"created": "2019-07-15T17:02:06.000Z",
"modified": "2019-07-15T17:02:06.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--ef9c46e1-2109-4f2d-a196-0b32db320dde",
"target_ref": "x-misp-object--57ad2c35-47de-4478-a5a2-ef662992dbd7"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--f6dfca8a-ef43-4ce0-bcba-8835638ba6aa",
"created": "2019-07-15T17:02:06.000Z",
"modified": "2019-07-15T17:02:06.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--94899e17-3ab7-4ef6-b462-5511f61bebc5",
"target_ref": "x-misp-object--af2f967c-2424-4564-978c-5cdb327139f9"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--337bc13f-555e-4a17-84df-8555acfc126f",
"created": "2019-07-15T17:02:06.000Z",
"modified": "2019-07-15T17:02:06.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--b7cc06ad-5ab0-4f8a-b454-f3795dd44acf",
"target_ref": "x-misp-object--6d2912db-ff65-482e-8a39-c7aa4d2f68a6"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--d5a80c79-cbe0-4ad3-865b-bc1459928d1e",
"created": "2019-07-15T17:02:06.000Z",
"modified": "2019-07-15T17:02:06.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--641d3a70-e79d-4e0c-ad91-1bf7ec2ffec4",
"target_ref": "x-misp-object--f00b6044-39c2-494d-9351-0a5aeea8581c"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink