adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/5bcdcd27-03e4-4118-9f82-46c3950d210f.json

1320 lines
No EOL
55 KiB
JSON
Raw Blame History

{
"type": "bundle",
"id": "bundle--5bcdcd27-03e4-4118-9f82-46c3950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-23T09:36:42.000Z",
"modified": "2018-10-23T09:36:42.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "grouping",
"spec_version": "2.1",
"id": "grouping--5bcdcd27-03e4-4118-9f82-46c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-23T09:36:42.000Z",
"modified": "2018-10-23T09:36:42.000Z",
"name": "OSINT - How we discovered a Ukranian cybercrime hotspot",
"context": "suspicious-activity",
"object_refs": [
"observed-data--5bcdcd3d-b248-4bd4-ab70-4506950d210f",
"url--5bcdcd3d-b248-4bd4-ab70-4506950d210f",
"x-misp-attribute--5bcdcd58-6534-4bad-bb67-492e950d210f",
"indicator--5bcdcefc-00f4-47c4-9068-4fe6950d210f",
"indicator--5bcdd029-4864-47f3-8cdd-45e3950d210f",
"indicator--5bcdd233-69fc-494d-aadc-4100950d210f",
"indicator--5bcdd305-0238-4969-bd26-413c950d210f",
"observed-data--5bcdd390-2688-4da1-91bb-4c39950d210f",
"url--5bcdd390-2688-4da1-91bb-4c39950d210f",
"indicator--5bcdd3ca-80c8-43b5-ad3a-4206950d210f",
"indicator--5bcdd3ce-ec90-4d71-8203-4e87950d210f",
"indicator--5bcdd3cf-4374-4018-ba1a-4de5950d210f",
"indicator--5bcdd3cf-51e8-4649-a47d-4c62950d210f",
"indicator--5bcdd3d0-09a4-4360-a306-4111950d210f",
"observed-data--5bced66e-80b8-49be-8deb-4d58950d210f",
"network-traffic--5bced66e-80b8-49be-8deb-4d58950d210f",
"ipv4-addr--5bced66e-80b8-49be-8deb-4d58950d210f",
"indicator--5bced6fe-5f3c-4ecc-85b6-43f9950d210f",
"indicator--5bcee105-b24c-4d8e-8d2e-4aed950d210f",
"indicator--5bcee108-2bb0-4f5c-b1df-4dae950d210f",
"indicator--5bcee10d-eaa8-4991-a98f-4600950d210f",
"indicator--5bcee110-38cc-4ba0-82d0-4288950d210f",
"indicator--5bcee503-21e0-4ed9-bf4c-4161950d210f",
"indicator--5bcee509-e4b0-4e8f-ad1e-4bca950d210f",
"indicator--5bcee5c3-26e8-4577-abc3-4580950d210f",
"indicator--5bcee5c6-4c94-4ab9-8fa8-4552950d210f",
"indicator--5bcee5c6-d8a4-4b23-851e-4bc9950d210f",
"indicator--5bcee5c7-e168-4467-a78e-4090950d210f",
"indicator--5bcee5cd-185c-4d57-8a3f-448a950d210f",
"indicator--5bcee5d2-8254-4162-9a48-40cd950d210f",
"indicator--5bcee5d7-5298-4268-8120-4935950d210f",
"indicator--5bcee5d8-8cb0-47c1-a166-4fc5950d210f",
"indicator--5bcee5d9-0c20-47cd-89c8-4a93950d210f",
"indicator--5bcee5d9-7418-49d7-8d72-49a0950d210f",
"indicator--5bcee5da-ae30-44df-a5ab-4059950d210f",
"indicator--5bcee5da-edf8-4a29-8a79-407f950d210f",
"indicator--5bcee5db-6454-4ec3-a083-4d79950d210f",
"indicator--5bcee5db-b0a0-4d0e-ba3d-4a91950d210f",
"indicator--5bcee646-01b0-42e3-bd41-4941950d210f",
"indicator--5bcee649-0e68-4881-90e0-4f65950d210f",
"indicator--5bcee64a-8494-4b6f-8848-4656950d210f",
"indicator--5bcee64a-d5e0-4c64-a981-43ad950d210f",
"indicator--5bcee64b-d4c8-4398-9710-4ad6950d210f",
"indicator--5bcee64b-ba50-417e-a7d7-4561950d210f",
"indicator--5bcee6d6-c9e0-4aa6-8e7b-4300950d210f",
"indicator--5bcdd845-8e88-4c09-a35d-4e4f950d210f",
"indicator--5bcecafe-9d14-4881-9aa2-4f6f950d210f",
"indicator--5bcecdb3-6f40-48b7-b0a8-429a950d210f",
"indicator--5bcece32-99e0-4322-9fa2-43c0950d210f",
"indicator--5bcecec6-dd44-469f-946d-4a7a950d210f",
"indicator--5bcecf53-7f38-40ef-8354-432a950d210f",
"indicator--5bcecfb1-80e4-42f4-a579-4322950d210f",
"indicator--5bced0b7-10c8-45ae-80a2-45c3950d210f",
"indicator--5bced4a8-5a28-4d6b-bb6d-4dd6950d210f",
"indicator--5bcee70d-6b2c-4c7c-baaa-4f5a950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:malpedia=\"win.gandcrab\"",
"misp-galaxy:ransomware=\"GandCrab\"",
"malware_classification:malware-category=\"Ransomware\"",
"osint:source-type=\"blog-post\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5bcdcd3d-b248-4bd4-ab70-4506950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-22T13:15:13.000Z",
"modified": "2018-10-22T13:15:13.000Z",
"first_observed": "2018-10-22T13:15:13Z",
"last_observed": "2018-10-22T13:15:13Z",
"number_observed": 1,
"object_refs": [
"url--5bcdcd3d-b248-4bd4-ab70-4506950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5bcdcd3d-b248-4bd4-ab70-4506950d210f",
"value": "https://www.gdatasoftware.com/blog/2018/10/31187-ukranian-cybercrime-hotspot-ransomware"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5bcdcd58-6534-4bad-bb67-492e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-22T13:15:25.000Z",
"modified": "2018-10-22T13:15:25.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "While analysing a new version of the GandCrab Ransomware, G DATA security researchers discovered a whole network of criminal activities that are operated from a continuous IP range out of Ukraine. The IP addresses, registered presumably under false addresses, show indications of illegal cryptojacking, phishing sites and dating portals.\r\n\r\n\r\nRansomware is sold or rented to criminals in underground forums. This is probably also the case with GandCrab v5. However, the person behind the IP address obviously doesn't want to rely on just one criminal activity to generate revenue."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bcdcefc-00f4-47c4-9068-4fe6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-22T13:22:04.000Z",
"modified": "2018-10-22T13:22:04.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '92.63.197.48']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-22T13:22:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bcdd029-4864-47f3-8cdd-45e3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-22T13:27:05.000Z",
"modified": "2018-10-22T13:27:05.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '92.63.197.127']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-22T13:27:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bcdd233-69fc-494d-aadc-4100950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-22T13:35:47.000Z",
"modified": "2018-10-22T13:35:47.000Z",
"pattern": "[file:name = '\\\\%WINDIR\\\\%\\\\T08606085085860\\\\winsvc32.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-22T13:35:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bcdd305-0238-4969-bd26-413c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-22T13:39:17.000Z",
"modified": "2018-10-22T13:39:17.000Z",
"pattern": "[url:value = 'http://92.63.197.48/v/t.php?new=1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-22T13:39:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5bcdd390-2688-4da1-91bb-4c39950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-22T13:41:36.000Z",
"modified": "2018-10-22T13:41:36.000Z",
"first_observed": "2018-10-22T13:41:36Z",
"last_observed": "2018-10-22T13:41:36Z",
"number_observed": 1,
"object_refs": [
"url--5bcdd390-2688-4da1-91bb-4c39950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5bcdd390-2688-4da1-91bb-4c39950d210f",
"value": "https://www.gdata.de/fileadmin/web/de/documents/whitepaper/G_Data_WhitePaper_-_Analysis_of_Win32.Trojan-Ransom.GandCrab.R.pdf"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bcdd3ca-80c8-43b5-ad3a-4206950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-22T13:42:34.000Z",
"modified": "2018-10-22T13:42:34.000Z",
"pattern": "[url:value = 'http://92.63.197.48/v/t.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-22T13:42:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bcdd3ce-ec90-4d71-8203-4e87950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-22T13:42:38.000Z",
"modified": "2018-10-22T13:42:38.000Z",
"pattern": "[url:value = 'http://92.63.197.48/v/m.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-22T13:42:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bcdd3cf-4374-4018-ba1a-4de5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-22T13:42:39.000Z",
"modified": "2018-10-22T13:42:39.000Z",
"pattern": "[url:value = 'http://92.63.197.48/v/p.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-22T13:42:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bcdd3cf-51e8-4649-a47d-4c62950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-22T13:42:39.000Z",
"modified": "2018-10-22T13:42:39.000Z",
"pattern": "[url:value = 'http://92.63.197.48/v/s.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-22T13:42:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bcdd3d0-09a4-4360-a306-4111950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-22T13:42:40.000Z",
"modified": "2018-10-22T13:42:40.000Z",
"pattern": "[url:value = 'http://92.63.197.48/v/o.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-22T13:42:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5bced66e-80b8-49be-8deb-4d58950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-23T08:06:06.000Z",
"modified": "2018-10-23T08:06:06.000Z",
"first_observed": "2018-10-23T08:06:06Z",
"last_observed": "2018-10-23T08:06:06Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5bced66e-80b8-49be-8deb-4d58950d210f",
"ipv4-addr--5bced66e-80b8-49be-8deb-4d58950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5bced66e-80b8-49be-8deb-4d58950d210f",
"dst_ref": "ipv4-addr--5bced66e-80b8-49be-8deb-4d58950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5bced66e-80b8-49be-8deb-4d58950d210f",
"value": "92.63.197.0/24"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bced6fe-5f3c-4ecc-85b6-43f9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-23T08:51:53.000Z",
"modified": "2018-10-23T08:51:53.000Z",
"description": "Active domain",
"pattern": "[domain-name:value = 'frim0ney.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-23T08:51:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bcee105-b24c-4d8e-8d2e-4aed950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-23T08:51:17.000Z",
"modified": "2018-10-23T08:51:17.000Z",
"description": "Inactive domain - Under construction",
"pattern": "[domain-name:value = 'lucky-chances.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-23T08:51:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bcee108-2bb0-4f5c-b1df-4dae950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-23T08:51:20.000Z",
"modified": "2018-10-23T08:51:20.000Z",
"description": "Inactive domain - Under construction",
"pattern": "[domain-name:value = 'earn-your-money.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-23T08:51:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bcee10d-eaa8-4991-a98f-4600950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-23T08:51:25.000Z",
"modified": "2018-10-23T08:51:25.000Z",
"description": "Inactive domain - Under construction",
"pattern": "[domain-name:value = 'global-profits1.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-23T08:51:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bcee110-38cc-4ba0-82d0-4288950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-23T08:51:28.000Z",
"modified": "2018-10-23T08:51:28.000Z",
"description": "Inactive domain - Under construction",
"pattern": "[domain-name:value = 'best-profits-here12.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-23T08:51:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bcee503-21e0-4ed9-bf4c-4161950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-23T09:08:19.000Z",
"modified": "2018-10-23T09:08:19.000Z",
"description": "Active domain",
"pattern": "[domain-name:value = 'dating-future69.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-23T09:08:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bcee509-e4b0-4e8f-ad1e-4bca950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-23T09:08:25.000Z",
"modified": "2018-10-23T09:08:25.000Z",
"description": "Active domain",
"pattern": "[domain-name:value = 'sewryus.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-23T09:08:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bcee5c3-26e8-4577-abc3-4580950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-23T09:11:31.000Z",
"modified": "2018-10-23T09:11:31.000Z",
"description": "Inactive domain - Under construction",
"pattern": "[domain-name:value = '100sexual-partner-found.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-23T09:11:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bcee5c6-4c94-4ab9-8fa8-4552950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-23T09:11:34.000Z",
"modified": "2018-10-23T09:11:34.000Z",
"description": "Inactive domain - Under construction",
"pattern": "[domain-name:value = 'realflirtdating11.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-23T09:11:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bcee5c6-d8a4-4b23-851e-4bc9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-23T09:11:34.000Z",
"modified": "2018-10-23T09:11:34.000Z",
"description": "Inactive domain - Under construction",
"pattern": "[domain-name:value = 'your-dating-now11.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-23T09:11:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bcee5c7-e168-4467-a78e-4090950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-23T09:11:35.000Z",
"modified": "2018-10-23T09:11:35.000Z",
"description": "Inactive domain - Under construction",
"pattern": "[domain-name:value = 'great-hookup-online.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-23T09:11:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bcee5cd-185c-4d57-8a3f-448a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-23T09:11:41.000Z",
"modified": "2018-10-23T09:11:41.000Z",
"description": "Inactive domain - Under construction",
"pattern": "[domain-name:value = 'dating-hearts.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-23T09:11:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bcee5d2-8254-4162-9a48-40cd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-23T09:11:46.000Z",
"modified": "2018-10-23T09:11:46.000Z",
"description": "Inactive domain - Under construction",
"pattern": "[domain-name:value = 'yourdating-menus.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-23T09:11:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bcee5d7-5298-4268-8120-4935950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-23T09:11:51.000Z",
"modified": "2018-10-23T09:11:51.000Z",
"description": "Inactive domain - Under construction",
"pattern": "[domain-name:value = 'hotdatingspot.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-23T09:11:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bcee5d8-8cb0-47c1-a166-4fc5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-23T09:11:52.000Z",
"modified": "2018-10-23T09:11:52.000Z",
"description": "Inactive domain - Under construction",
"pattern": "[domain-name:value = 'datingsworld1.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-23T09:11:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bcee5d9-0c20-47cd-89c8-4a93950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-23T09:11:53.000Z",
"modified": "2018-10-23T09:11:53.000Z",
"description": "Inactive domain - Under construction",
"pattern": "[domain-name:value = 'dating-opportunities.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-23T09:11:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bcee5d9-7418-49d7-8d72-49a0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-23T09:11:53.000Z",
"modified": "2018-10-23T09:11:53.000Z",
"description": "Inactive domain - Under construction",
"pattern": "[domain-name:value = 'hot-kisses-finder.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-23T09:11:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bcee5da-ae30-44df-a5ab-4059950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-23T09:11:54.000Z",
"modified": "2018-10-23T09:11:54.000Z",
"description": "Inactive domain - Under construction",
"pattern": "[domain-name:value = 'night-calldates.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-23T09:11:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bcee5da-edf8-4a29-8a79-407f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-23T09:11:54.000Z",
"modified": "2018-10-23T09:11:54.000Z",
"description": "Inactive domain - Under construction",
"pattern": "[domain-name:value = 'secret-flirtparadise.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-23T09:11:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bcee5db-6454-4ec3-a083-4d79950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-23T09:11:55.000Z",
"modified": "2018-10-23T09:11:55.000Z",
"description": "Inactive domain - resolves a streaming site",
"pattern": "[domain-name:value = 'findyour-dating1.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-23T09:11:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bcee5db-b0a0-4d0e-ba3d-4a91950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-23T09:11:55.000Z",
"modified": "2018-10-23T09:11:55.000Z",
"description": "Inactive domain - resolves a warez site",
"pattern": "[domain-name:value = 'myhookup-clubs.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-23T09:11:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bcee646-01b0-42e3-bd41-4941950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-23T09:13:42.000Z",
"modified": "2018-10-23T09:13:42.000Z",
"description": "Shows a casino offer",
"pattern": "[domain-name:value = 'os-print.win']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-23T09:13:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bcee649-0e68-4881-90e0-4f65950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-23T09:13:45.000Z",
"modified": "2018-10-23T09:13:45.000Z",
"description": "ERR_CONNECTION_TIMED_OUT",
"pattern": "[domain-name:value = 'vrb-kontosicherheit.top']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-23T09:13:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bcee64a-8494-4b6f-8848-4656950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-23T09:13:46.000Z",
"modified": "2018-10-23T09:13:46.000Z",
"description": "Empty page",
"pattern": "[domain-name:value = 'enterwords.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-23T09:13:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bcee64a-d5e0-4c64-a981-43ad950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-23T09:13:46.000Z",
"modified": "2018-10-23T09:13:46.000Z",
"description": "Empty page",
"pattern": "[domain-name:value = 'improbablead.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-23T09:13:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bcee64b-d4c8-4398-9710-4ad6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-23T09:13:47.000Z",
"modified": "2018-10-23T09:13:47.000Z",
"description": "Empty page",
"pattern": "[domain-name:value = 'honeyindoc.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-23T09:13:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bcee64b-ba50-417e-a7d7-4561950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-23T09:13:47.000Z",
"modified": "2018-10-23T09:13:47.000Z",
"description": "Empty page",
"pattern": "[domain-name:value = 'vivedoc.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-23T09:13:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bcee6d6-c9e0-4aa6-8e7b-4300950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-23T09:16:06.000Z",
"modified": "2018-10-23T09:16:06.000Z",
"description": "appears to be a cryptocurrency exchange website",
"pattern": "[domain-name:value = 'wex.ac']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-23T09:16:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bcdd845-8e88-4c09-a35d-4e4f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-22T14:01:41.000Z",
"modified": "2018-10-22T14:01:41.000Z",
"description": "Windows security center stops monitoring the \r\nstatus of an antivirus protection",
"pattern": "[windows-registry-key:key = 'HKLM\\\\SOFTWARE\\\\Microsoft\\\\Security Center\\\\AntiVirusOverride' AND windows-registry-key:values[0].data = '1' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-22T14:01:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"registry-key\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bcecafe-9d14-4881-9aa2-4f6f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-23T07:17:18.000Z",
"modified": "2018-10-23T07:17:18.000Z",
"description": "No clear documentation available but it seems like it disables the antivirus updates.",
"pattern": "[windows-registry-key:key = 'HKLM\\\\SOFTWARE\\\\Microsoft\\\\Security Center\\\\UpdatesOverride' AND windows-registry-key:values[0].data = '1' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-23T07:17:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"registry-key\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bcecdb3-6f40-48b7-b0a8-429a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-23T07:35:08.000Z",
"modified": "2018-10-23T07:35:08.000Z",
"description": "Turns of the firewall",
"pattern": "[windows-registry-key:key = 'HKLM\\\\SOFTWARE\\\\Microsoft\\\\Security Center\\\\FirewallOverride' AND windows-registry-key:values[0].data = '1' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-23T07:35:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"registry-key\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bcece32-99e0-4322-9fa2-43c0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-23T07:33:46.000Z",
"modified": "2018-10-23T07:33:46.000Z",
"description": "Disables the antivirus notifications",
"pattern": "[windows-registry-key:key = 'HKLM\\\\SOFTWARE\\\\Microsoft\\\\Security Center\\\\AntiVirusDisableNotify' AND windows-registry-key:values[0].data = '1' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-23T07:33:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"registry-key\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bcecec6-dd44-469f-946d-4a7a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-23T07:33:26.000Z",
"modified": "2018-10-23T07:33:26.000Z",
"description": "Disables security center update notifications",
"pattern": "[windows-registry-key:key = 'HKLM\\\\SOFTWARE\\\\Microsoft\\\\Security Center\\\\AutoUpdateDisableNotify' AND windows-registry-key:values[0].data = '1' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-23T07:33:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"registry-key\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bcecf53-7f38-40ef-8354-432a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-23T07:35:47.000Z",
"modified": "2018-10-23T07:35:47.000Z",
"description": "Disables firewall notifications",
"pattern": "[windows-registry-key:key = 'HKLM\\\\SOFTWARE\\\\Microsoft\\\\Security Center\\\\FirewallDisableNotify' AND windows-registry-key:values[0].data = '1' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-23T07:35:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"registry-key\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bcecfb1-80e4-42f4-a579-4322950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-23T07:37:21.000Z",
"modified": "2018-10-23T07:37:21.000Z",
"description": "Disables system restore points",
"pattern": "[windows-registry-key:key = 'HKLM\\\\SOFTWARE\\\\Microsoft\\\\Windows NT\\\\CurrentVersion\\\\SystemRestore\\\\DisableSR' AND windows-registry-key:values[0].data = '1' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKLM']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-23T07:37:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"registry-key\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bced0b7-10c8-45ae-80a2-45c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-23T07:41:43.000Z",
"modified": "2018-10-23T07:41:43.000Z",
"description": "Creates an autostart entry",
"pattern": "[windows-registry-key:key = 'HKCU\\\\SOFTWARE\\\\Microsoft\\\\CurrentVersion\\\\Run' AND windows-registry-key:values[0].data = '\\\\%WINDIR\\\\%\\\\T08606085085860\\\\winsvc32.exe' AND windows-registry-key:values[0].data_type = 'REG_NONE' AND windows-registry-key:x_misp_root_keys = 'HKCU']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-23T07:41:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"registry-key\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bced4a8-5a28-4d6b-bb6d-4dd6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-23T07:58:32.000Z",
"modified": "2018-10-23T07:58:32.000Z",
"pattern": "[file:name = 'DEVICEMANAGER.EXE' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-23T07:58:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5bcee70d-6b2c-4c7c-baaa-4f5a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-10-23T09:17:01.000Z",
"modified": "2018-10-23T09:17:01.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '92.63.197.48') AND network-traffic:dst_port = '8080']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-10-23T09:17:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink