adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/589327e5-227c-4236-a9b8-fafc950d210f.json

1385 lines
No EOL
57 KiB
JSON
Raw Blame History

{
"type": "bundle",
"id": "bundle--589327e5-227c-4236-a9b8-fafc950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T13:13:44.000Z",
"modified": "2017-02-02T13:13:44.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--589327e5-227c-4236-a9b8-fafc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T13:13:44.000Z",
"modified": "2017-02-02T13:13:44.000Z",
"name": "OSINT - Nile Phish: Large-Scale Phishing Campaign Targeting Egyptian Civil Society",
"published": "2017-02-02T15:56:47Z",
"object_refs": [
"x-misp-attribute--589328a6-8f58-41b7-861e-a72f950d210f",
"observed-data--589328b7-3598-41f9-a503-4837950d210f",
"url--589328b7-3598-41f9-a503-4837950d210f",
"indicator--58932917-4064-4830-a6d1-4b19950d210f",
"indicator--58932918-a200-4e93-a634-4275950d210f",
"indicator--58932918-e458-4a3c-9244-4e2e950d210f",
"indicator--58932919-39a8-49e9-9164-4c48950d210f",
"indicator--5893291a-1d70-4170-ba53-4576950d210f",
"indicator--5893291a-ac08-45da-aa57-402e950d210f",
"indicator--5893291b-db6c-490a-8b6e-4def950d210f",
"indicator--5893291c-1148-4945-980f-4287950d210f",
"indicator--5893291d-78e8-44ba-9d5c-4911950d210f",
"indicator--5893291d-7a60-4659-8fe1-4d85950d210f",
"indicator--5893291e-295c-4d72-861f-4ff8950d210f",
"indicator--5893291f-c728-420e-91fe-42bd950d210f",
"indicator--58932920-35b8-4f43-b2fd-43f2950d210f",
"indicator--58932920-d574-4b73-9d56-4c92950d210f",
"indicator--58932921-7ed4-4b05-a967-4b08950d210f",
"indicator--58932922-3680-4989-bf29-426e950d210f",
"indicator--58932922-c80c-4b4d-93c7-4b70950d210f",
"indicator--58932923-1d14-4cac-84a1-4c8b950d210f",
"indicator--58932924-1f3c-4ff0-b00c-4083950d210f",
"indicator--58932925-28dc-4dfc-b72c-4a79950d210f",
"indicator--58932925-8e18-41f9-b8d7-4d02950d210f",
"indicator--58932926-4ecc-43d7-be08-4605950d210f",
"indicator--58932927-5404-453e-80d9-4534950d210f",
"indicator--58932927-a878-4a7d-8f5b-490b950d210f",
"indicator--58932928-0654-4370-8eb0-49b1950d210f",
"indicator--58932929-1a48-4472-8e21-4e1b950d210f",
"indicator--5893292a-bd64-479e-b03b-4864950d210f",
"indicator--5893292a-b974-491b-a059-4268950d210f",
"indicator--5893292b-42bc-4b15-8ed4-4daa950d210f",
"indicator--5893292c-f15c-4d6c-8266-4f96950d210f",
"indicator--5893292c-ca04-483c-b3cf-47f4950d210f",
"indicator--5893292d-b614-409b-ad73-45e4950d210f",
"indicator--5893292e-1bf0-4b0e-b729-4696950d210f",
"indicator--5893292f-dbe8-4d18-854f-4835950d210f",
"indicator--5893292f-64a0-42d0-a008-47d9950d210f",
"indicator--5893295e-2ddc-436b-8a56-4f2f950d210f",
"indicator--5893295e-797c-42f1-9fa2-405e950d210f",
"indicator--5893295f-2d60-4e1d-9094-4b8d950d210f",
"indicator--589329cd-35f0-4f14-83a7-fafb950d210f",
"indicator--589329ce-157c-44b2-adf9-fafb950d210f",
"indicator--589329ce-ed50-4892-a636-fafb950d210f",
"indicator--589329cf-0348-4a7f-ab04-fafb950d210f",
"indicator--589329d0-9170-4a2f-9af1-fafb950d210f",
"indicator--589329d1-9b98-428f-bfab-fafb950d210f",
"indicator--589329d1-6b78-4b55-bbdb-fafb950d210f",
"indicator--589329d2-a5e8-4b0b-9a10-fafb950d210f",
"indicator--589329d3-b19c-4856-85df-fafb950d210f",
"indicator--589329d3-098c-4373-a4d0-fafb950d210f",
"indicator--589329d4-9778-4ea6-b9f9-fafb950d210f",
"indicator--589329d5-6548-4042-a2a8-fafb950d210f",
"indicator--589329d6-92f0-434e-a004-fafb950d210f",
"indicator--589329d7-ce6c-467e-b1c6-fafb950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"circl:incident-classification=\"phishing\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--589328a6-8f58-41b7-861e-a72f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:40:06.000Z",
"modified": "2017-02-02T12:40:06.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Egyptian NGOs are currently being targeted by Nile Phish, a large-scale phishing campaign.\r\nAlmost all of the targets we identified are also implicated in Case 173, a sprawling legal case brought by the Egyptian government against NGOs, at ich has been referred to as an \u00e2\u20ac\u0153unprecedented crackdown\u00e2\u20ac\u009d on Egypt\u00e2\u20ac\u2122s civil society.\r\nNile Phish operators demonstrate an intimate knowledge of Egyptian NGOs, and are able to roll out phishing attacks within hours of government actions, such as arrests."
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--589328b7-3598-41f9-a503-4837950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:40:23.000Z",
"modified": "2017-02-02T12:40:23.000Z",
"first_observed": "2017-02-02T12:40:23Z",
"last_observed": "2017-02-02T12:40:23Z",
"number_observed": 1,
"object_refs": [
"url--589328b7-3598-41f9-a503-4837950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--589328b7-3598-41f9-a503-4837950d210f",
"value": "https://citizenlab.org/2017/02/nilephish-report/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58932917-4064-4830-a6d1-4b19950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:41:59.000Z",
"modified": "2017-02-02T12:41:59.000Z",
"description": "domains for this phishing attack",
"pattern": "[domain-name:value = 'account-google.serveftp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:41:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58932918-a200-4e93-a634-4275950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:42:00.000Z",
"modified": "2017-02-02T12:42:00.000Z",
"description": "domains for this phishing attack",
"pattern": "[domain-name:value = 'aramex-shipping.servehttp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:42:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58932918-e458-4a3c-9244-4e2e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:42:00.000Z",
"modified": "2017-02-02T12:42:00.000Z",
"description": "domains for this phishing attack",
"pattern": "[domain-name:value = 'device-activation.servehttp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:42:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58932919-39a8-49e9-9164-4c48950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:42:01.000Z",
"modified": "2017-02-02T12:42:01.000Z",
"description": "domains for this phishing attack",
"pattern": "[domain-name:value = 'dropbox-service.serveftp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:42:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5893291a-1d70-4170-ba53-4576950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:42:02.000Z",
"modified": "2017-02-02T12:42:02.000Z",
"description": "domains for this phishing attack",
"pattern": "[domain-name:value = 'dropbox-sign.servehttp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:42:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5893291a-ac08-45da-aa57-402e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:42:02.000Z",
"modified": "2017-02-02T12:42:02.000Z",
"description": "domains for this phishing attack",
"pattern": "[domain-name:value = 'dropboxsupport.servehttp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:42:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5893291b-db6c-490a-8b6e-4def950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:42:03.000Z",
"modified": "2017-02-02T12:42:03.000Z",
"description": "domains for this phishing attack",
"pattern": "[domain-name:value = 'fedex-mail.servehttp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:42:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5893291c-1148-4945-980f-4287950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:42:04.000Z",
"modified": "2017-02-02T12:42:04.000Z",
"description": "domains for this phishing attack",
"pattern": "[domain-name:value = 'fedex-shipping.servehttp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:42:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5893291d-78e8-44ba-9d5c-4911950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:42:05.000Z",
"modified": "2017-02-02T12:42:05.000Z",
"description": "domains for this phishing attack",
"pattern": "[domain-name:value = 'fedex-sign.servehttp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:42:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5893291d-7a60-4659-8fe1-4d85950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:42:05.000Z",
"modified": "2017-02-02T12:42:05.000Z",
"description": "domains for this phishing attack",
"pattern": "[domain-name:value = 'googledriver-sign.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:42:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5893291e-295c-4d72-861f-4ff8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:42:06.000Z",
"modified": "2017-02-02T12:42:06.000Z",
"description": "domains for this phishing attack",
"pattern": "[domain-name:value = 'googledrive-sign.servehttp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:42:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5893291f-c728-420e-91fe-42bd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:42:07.000Z",
"modified": "2017-02-02T12:42:07.000Z",
"description": "domains for this phishing attack",
"pattern": "[domain-name:value = 'google-maps.servehttp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:42:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58932920-35b8-4f43-b2fd-43f2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:42:08.000Z",
"modified": "2017-02-02T12:42:08.000Z",
"description": "domains for this phishing attack",
"pattern": "[domain-name:value = 'googlesecure-serv.servehttp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:42:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58932920-d574-4b73-9d56-4c92950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:42:08.000Z",
"modified": "2017-02-02T12:42:08.000Z",
"description": "domains for this phishing attack",
"pattern": "[domain-name:value = 'googlesignin.servehttp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:42:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58932921-7ed4-4b05-a967-4b08950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:42:09.000Z",
"modified": "2017-02-02T12:42:09.000Z",
"description": "domains for this phishing attack",
"pattern": "[domain-name:value = 'googleverify-signin.servehttp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:42:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58932922-3680-4989-bf29-426e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:42:10.000Z",
"modified": "2017-02-02T12:42:10.000Z",
"description": "domains for this phishing attack",
"pattern": "[domain-name:value = 'mailgooglesign.servehttp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:42:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58932922-c80c-4b4d-93c7-4b70950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:42:10.000Z",
"modified": "2017-02-02T12:42:10.000Z",
"description": "domains for this phishing attack",
"pattern": "[domain-name:value = 'myaccount.servehttp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:42:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58932923-1d14-4cac-84a1-4c8b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:42:11.000Z",
"modified": "2017-02-02T12:42:11.000Z",
"description": "domains for this phishing attack",
"pattern": "[domain-name:value = 'secure-team.servehttp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:42:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58932924-1f3c-4ff0-b00c-4083950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:42:12.000Z",
"modified": "2017-02-02T12:42:12.000Z",
"description": "domains for this phishing attack",
"pattern": "[domain-name:value = 'security-myaccount.servehttp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:42:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58932925-28dc-4dfc-b72c-4a79950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:42:13.000Z",
"modified": "2017-02-02T12:42:13.000Z",
"description": "domains for this phishing attack",
"pattern": "[domain-name:value = 'verification-acc.servehttp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:42:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58932925-8e18-41f9-b8d7-4d02950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:42:13.000Z",
"modified": "2017-02-02T12:42:13.000Z",
"description": "domains for this phishing attack",
"pattern": "[domain-name:value = 'dropbox-verfy.servehttp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:42:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58932926-4ecc-43d7-be08-4605950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:42:14.000Z",
"modified": "2017-02-02T12:42:14.000Z",
"description": "domains for this phishing attack",
"pattern": "[domain-name:value = 'fedex-s.servehttp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:42:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58932927-5404-453e-80d9-4534950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:42:15.000Z",
"modified": "2017-02-02T12:42:15.000Z",
"description": "domains for this phishing attack",
"pattern": "[domain-name:value = 'watchyoutube.servehttp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:42:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58932927-a878-4a7d-8f5b-490b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:42:15.000Z",
"modified": "2017-02-02T12:42:15.000Z",
"description": "domains for this phishing attack",
"pattern": "[domain-name:value = 'verification-team.servehttp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:42:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58932928-0654-4370-8eb0-49b1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:42:16.000Z",
"modified": "2017-02-02T12:42:16.000Z",
"description": "domains for this phishing attack",
"pattern": "[domain-name:value = 'securityteam-notify.servehttp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:42:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--58932929-1a48-4472-8e21-4e1b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:42:17.000Z",
"modified": "2017-02-02T12:42:17.000Z",
"description": "domains for this phishing attack",
"pattern": "[domain-name:value = 'secure-alert.servehttp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:42:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5893292a-bd64-479e-b03b-4864950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:42:18.000Z",
"modified": "2017-02-02T12:42:18.000Z",
"description": "domains for this phishing attack",
"pattern": "[domain-name:value = 'quota-notification.servehttp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:42:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5893292a-b974-491b-a059-4268950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:42:18.000Z",
"modified": "2017-02-02T12:42:18.000Z",
"description": "domains for this phishing attack",
"pattern": "[domain-name:value = 'notification-team.servehttp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:42:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5893292b-42bc-4b15-8ed4-4daa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:42:19.000Z",
"modified": "2017-02-02T12:42:19.000Z",
"description": "domains for this phishing attack",
"pattern": "[domain-name:value = 'fedex-notification.servehttp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:42:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5893292c-f15c-4d6c-8266-4f96950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:42:20.000Z",
"modified": "2017-02-02T12:42:20.000Z",
"description": "domains for this phishing attack",
"pattern": "[domain-name:value = 'docs-mails.servehttp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:42:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5893292c-ca04-483c-b3cf-47f4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:42:20.000Z",
"modified": "2017-02-02T12:42:20.000Z",
"description": "domains for this phishing attack",
"pattern": "[domain-name:value = 'restricted-videos.servehttp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:42:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5893292d-b614-409b-ad73-45e4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:42:21.000Z",
"modified": "2017-02-02T12:42:21.000Z",
"description": "domains for this phishing attack",
"pattern": "[domain-name:value = 'dropboxnotification.servehttp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:42:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5893292e-1bf0-4b0e-b729-4696950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:42:22.000Z",
"modified": "2017-02-02T12:42:22.000Z",
"description": "domains for this phishing attack",
"pattern": "[domain-name:value = 'moi-gov.serveftp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:42:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5893292f-dbe8-4d18-854f-4835950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:42:23.000Z",
"modified": "2017-02-02T12:42:23.000Z",
"description": "domains for this phishing attack",
"pattern": "[domain-name:value = 'activate-google.servehttp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:42:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5893292f-64a0-42d0-a008-47d9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:42:23.000Z",
"modified": "2017-02-02T12:42:23.000Z",
"description": "domains for this phishing attack",
"pattern": "[domain-name:value = 'googlemaps.servehttp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:42:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5893295e-2ddc-436b-8a56-4f2f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:43:10.000Z",
"modified": "2017-02-02T12:43:10.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '108.61.176.96']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:43:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5893295e-797c-42f1-9fa2-405e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:43:10.000Z",
"modified": "2017-02-02T12:43:10.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '104.238.191.204']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:43:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5893295f-2d60-4e1d-9094-4b8d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:43:11.000Z",
"modified": "2017-02-02T12:43:11.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.123.26.42']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:43:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--589329cd-35f0-4f14-83a7-fafb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:45:01.000Z",
"modified": "2017-02-02T12:45:01.000Z",
"description": "Phishing emails (claiming to be from legitimate services)",
"pattern": "[email-message:from_ref.value = 'secure.policy.check@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:45:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--589329ce-157c-44b2-adf9-fafb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:45:02.000Z",
"modified": "2017-02-02T12:45:02.000Z",
"description": "Phishing emails (claiming to be from legitimate services)",
"pattern": "[email-message:from_ref.value = 'aramex.shipment@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:45:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--589329ce-ed50-4892-a636-fafb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:45:02.000Z",
"modified": "2017-02-02T12:45:02.000Z",
"description": "Phishing emails (claiming to be from legitimate services)",
"pattern": "[email-message:from_ref.value = 'fedex_tracking@outlook.sa']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:45:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--589329cf-0348-4a7f-ab04-fafb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:45:03.000Z",
"modified": "2017-02-02T12:45:03.000Z",
"description": "Phishing emails (claiming to be from legitimate services)",
"pattern": "[email-message:from_ref.value = 'mails.acc.noreply@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:45:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--589329d0-9170-4a2f-9af1-fafb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:45:04.000Z",
"modified": "2017-02-02T12:45:04.000Z",
"description": "Phishing emails (claiming to be from legitimate services)",
"pattern": "[email-message:from_ref.value = 'fedex.noreply@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:45:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--589329d1-9b98-428f-bfab-fafb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:45:05.000Z",
"modified": "2017-02-02T12:45:05.000Z",
"description": "Phishing emails (claiming to be from legitimate services)",
"pattern": "[email-message:from_ref.value = 'customerserviceonlineteam@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:45:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--589329d1-6b78-4b55-bbdb-fafb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:45:05.000Z",
"modified": "2017-02-02T12:45:05.000Z",
"description": "Phishing emails (claiming to be from legitimate services)",
"pattern": "[email-message:from_ref.value = 'fedexcustomers.service@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:45:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--589329d2-a5e8-4b0b-9a10-fafb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:45:06.000Z",
"modified": "2017-02-02T12:45:06.000Z",
"description": "Phishing emails (claiming to be from legitimate services)",
"pattern": "[email-message:from_ref.value = 'elnadeem.org@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:45:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--589329d3-b19c-4856-85df-fafb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:45:07.000Z",
"modified": "2017-02-02T12:45:07.000Z",
"description": "Phishing emails (claiming to be from legitimate services)",
"pattern": "[email-message:from_ref.value = 'dropbox.noreplay@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:45:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--589329d3-098c-4373-a4d0-fafb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:45:07.000Z",
"modified": "2017-02-02T12:45:07.000Z",
"description": "Phishing emails (claiming to be from legitimate services)",
"pattern": "[email-message:from_ref.value = 'mails.noreply.verify@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:45:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--589329d4-9778-4ea6-b9f9-fafb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:45:08.000Z",
"modified": "2017-02-02T12:45:08.000Z",
"description": "Phishing emails (claiming to be from legitimate services)",
"pattern": "[email-message:from_ref.value = 'fedex.mails.shipping@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:45:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--589329d5-6548-4042-a2a8-fafb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:45:09.000Z",
"modified": "2017-02-02T12:45:09.000Z",
"description": "Phishing emails (claiming to be from legitimate services)",
"pattern": "[email-message:from_ref.value = 'dropbox.notifications.mails@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:45:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--589329d6-92f0-434e-a004-fafb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:45:10.000Z",
"modified": "2017-02-02T12:45:10.000Z",
"description": "Phishing emails (claiming to be from legitimate services)",
"pattern": "[email-message:from_ref.value = 'dropbox.notfication@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:45:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--589329d7-ce6c-467e-b1c6-fafb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-02-02T12:45:11.000Z",
"modified": "2017-02-02T12:45:11.000Z",
"description": "Phishing emails (claiming to be from legitimate services)",
"pattern": "[email-message:from_ref.value = 'drive.noreply.mail@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-02-02T12:45:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink