adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/5d13be9e-bb04-4946-899d-409e02de0b81.json

1873 lines
No EOL
75 KiB
JSON
Raw Blame History

{
"type": "bundle",
"id": "bundle--5d13be9e-bb04-4946-899d-409e02de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-07-10T13:26:48.000Z",
"modified": "2020-07-10T13:26:48.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5d13be9e-bb04-4946-899d-409e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-07-10T13:26:48.000Z",
"modified": "2020-07-10T13:26:48.000Z",
"name": "Soft Cell case - Related indicators from correlations",
"published": "2020-07-10T13:27:09Z",
"object_refs": [
"indicator--5d13beb9-9aac-47bd-b831-479802de0b81",
"indicator--5d13beb9-0aa4-4139-bb10-4c0302de0b81",
"indicator--5d13beb9-f780-4a83-8682-4a7a02de0b81",
"indicator--5d13beb9-bbcc-473f-a1df-480402de0b81",
"indicator--5d13beb9-e288-4d7d-b564-420902de0b81",
"indicator--5d13beb9-4184-4585-b676-4d6502de0b81",
"indicator--5d13beb9-a71c-4126-be17-4d2b02de0b81",
"indicator--5d13beb9-e17c-4690-aff5-444902de0b81",
"indicator--5d13beb9-b1f8-4716-8d89-419402de0b81",
"indicator--5d13beb9-0ca0-447f-838f-458102de0b81",
"indicator--5d13beb9-89b0-4419-8775-483f02de0b81",
"indicator--5d13beb9-91d0-4529-8b77-4bf902de0b81",
"indicator--5d13beb9-43dc-44b7-acdd-484f02de0b81",
"indicator--5d13beb9-c44c-4108-b934-456802de0b81",
"indicator--5d13beb9-0c18-4438-9e15-4e7102de0b81",
"indicator--5d13beb9-15a4-411b-9cc6-49ff02de0b81",
"indicator--5d13beb9-8610-477d-b3d0-4d5902de0b81",
"indicator--5d13beb9-4eec-45e1-a1aa-4ece02de0b81",
"indicator--5d13beb9-872c-4027-a62f-4c5302de0b81",
"indicator--5d13beb9-71f0-47e1-99ae-424002de0b81",
"indicator--5d13beb9-2278-4f6d-8a57-485402de0b81",
"indicator--5d13beb9-df1c-4ac8-927a-4a5b02de0b81",
"indicator--5d13beb9-240c-4205-8ba4-497002de0b81",
"indicator--5d13beb9-55ac-475c-b1fa-43aa02de0b81",
"indicator--5d13beb9-3fbc-426e-b402-41cd02de0b81",
"indicator--5d13beb9-0c88-419a-9bd6-4ad002de0b81",
"indicator--5d13beb9-5b8c-40a3-af8f-493502de0b81",
"indicator--5d13beb9-dfa4-4247-8e37-45a502de0b81",
"indicator--5d13beb9-4a58-4a2b-8672-47de02de0b81",
"indicator--5d13beb9-0390-4b7f-ac78-46c602de0b81",
"indicator--5d13beb9-e888-4872-8da7-4c6f02de0b81",
"indicator--5d13bf36-34b0-463c-94c4-47e302de0b81",
"indicator--5d13bf36-1918-4d1d-a293-4ead02de0b81",
"indicator--5d13bf36-0018-454b-ae78-4c8802de0b81",
"indicator--5d13bf36-9240-415f-a057-443602de0b81",
"indicator--5d13bf36-d01c-41ff-9a8e-4f1202de0b81",
"indicator--5d13bf36-2c4c-4778-86b8-485d02de0b81",
"indicator--5d13bf36-0940-4c62-95f0-442502de0b81",
"indicator--5d13bf36-c440-46dd-93db-491302de0b81",
"indicator--5d13bf36-f87c-4312-923f-4f9602de0b81",
"indicator--5d13bf36-e3f4-424a-86b6-4b5a02de0b81",
"indicator--5d13bf99-1430-4f9d-98d5-bf3202de0b81",
"indicator--5d13bf99-252c-45cb-b663-bf3202de0b81",
"indicator--5d13bf99-294c-45ab-9bd1-bf3202de0b81",
"indicator--5d13bf99-f418-4199-9ba8-bf3202de0b81",
"indicator--5d13bf99-6eac-4a22-8ac1-bf3202de0b81",
"indicator--5d13bf99-2230-4c4d-8d5f-bf3202de0b81",
"indicator--5d13bf99-8ac4-4937-b48f-bf3202de0b81",
"indicator--5d13bf99-b308-4963-a36f-bf3202de0b81",
"indicator--5d13bf99-c720-4faf-b302-bf3202de0b81",
"indicator--5d13bf99-78bc-472a-90af-bf3202de0b81",
"indicator--5d13bf99-ffc4-4388-886d-bf3202de0b81",
"indicator--5d13bf99-8148-49d0-9633-bf3202de0b81",
"indicator--5d13bf99-1e48-473f-80e8-bf3202de0b81",
"indicator--5d13bf99-960c-4884-b932-bf3202de0b81",
"indicator--5d13bf99-fa48-4773-9bbd-bf3202de0b81",
"indicator--5d13bf99-7c18-450a-b719-bf3202de0b81",
"indicator--5d13bf99-cfc0-46a7-b030-bf3202de0b81",
"indicator--5d13bf99-2938-4dcc-b9e4-bf3202de0b81",
"indicator--5d13bf99-d5e8-4aa7-a0d2-bf3202de0b81",
"indicator--5d13bf99-a5e4-43bd-8be5-bf3202de0b81",
"indicator--5d13bf99-d680-4508-b545-bf3202de0b81",
"indicator--5d13bf99-d134-4529-92ab-bf3202de0b81",
"indicator--5d13bf99-83e4-49d8-9a21-bf3202de0b81",
"indicator--5d13bf99-213c-4b63-8b42-bf3202de0b81",
"indicator--5d13bf99-f8c8-4768-bf68-bf3202de0b81",
"indicator--5d13bf99-bf00-4afd-ac6c-bf3202de0b81",
"indicator--5d13bf99-1198-42a3-a4ad-bf3202de0b81",
"indicator--5d13bf99-0608-4d2e-95de-bf3202de0b81",
"indicator--5d13bf99-cf84-4700-a457-bf3202de0b81",
"indicator--5d13bf99-c1c4-485d-acfb-bf3202de0b81",
"indicator--5d13bf99-7594-4dde-8981-bf3202de0b81",
"indicator--5d13bf99-eec0-40fd-abb6-bf3202de0b81",
"indicator--5d13bf99-8490-4d7f-8c05-bf3202de0b81",
"indicator--5d13bf99-9884-4140-9ab3-bf3202de0b81",
"indicator--5d13bf9a-4028-460d-a9cb-bf3202de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13beb9-9aac-47bd-b831-479802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:51:37.000Z",
"modified": "2019-06-26T18:51:37.000Z",
"pattern": "[domain-name:value = 'asyspy256.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:51:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13beb9-0aa4-4139-bb10-4c0302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:51:37.000Z",
"modified": "2019-06-26T18:51:37.000Z",
"pattern": "[file:hashes.SHA256 = '177fcb8c089ad981fd1353d74fce5d13f26a6db78224c96209162cc145cf5ee8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:51:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13beb9-f780-4a83-8682-4a7a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:51:37.000Z",
"modified": "2019-06-26T18:51:37.000Z",
"pattern": "[file:hashes.SHA256 = '40d6a2f0e12cbaa34db35bf2bac713cb3ab26e01c26289ad74fd88391ff33a84']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:51:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13beb9-bbcc-473f-a1df-480402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:51:37.000Z",
"modified": "2019-06-26T18:51:37.000Z",
"pattern": "[url:value = 'https://asyspy256.ddns.net/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:51:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13beb9-e288-4d7d-b564-420902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:51:37.000Z",
"modified": "2019-06-26T18:51:37.000Z",
"pattern": "[url:value = 'http://asyspy256.ddns.net/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:51:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13beb9-4184-4585-b676-4d6502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:51:37.000Z",
"modified": "2019-06-26T18:51:37.000Z",
"pattern": "[file:hashes.SHA256 = '56620a8035dc7244ccd525f11ed4b1b683794e9d72076363c6a8424ccfe64dd5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:51:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13beb9-a71c-4126-be17-4d2b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:51:37.000Z",
"modified": "2019-06-26T18:51:37.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '210.56.60.240']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:51:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13beb9-e17c-4690-aff5-444902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:51:37.000Z",
"modified": "2019-06-26T18:51:37.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.121.48.106']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:51:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13beb9-b1f8-4716-8d89-419402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:51:37.000Z",
"modified": "2019-06-26T18:51:37.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '112.213.106.148']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:51:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13beb9-0ca0-447f-838f-458102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:51:37.000Z",
"modified": "2019-06-26T18:51:37.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '211.21.23.69']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:51:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13beb9-89b0-4419-8775-483f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:51:37.000Z",
"modified": "2019-06-26T18:51:37.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '118.184.15.106']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:51:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13beb9-91d0-4529-8b77-4bf902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:51:37.000Z",
"modified": "2019-06-26T18:51:37.000Z",
"pattern": "[domain-name:value = 'sz2016rose.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:51:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13beb9-43dc-44b7-acdd-484f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:51:37.000Z",
"modified": "2019-06-26T18:51:37.000Z",
"pattern": "[domain-name:value = 'hotkillmail9sddcc.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:51:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13beb9-c44c-4108-b934-456802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:51:37.000Z",
"modified": "2019-06-26T18:51:37.000Z",
"pattern": "[domain-name:value = 'rosaf112.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:51:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13beb9-0c18-4438-9e15-4e7102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:51:37.000Z",
"modified": "2019-06-26T18:51:37.000Z",
"pattern": "[domain-name:value = 'cvdfhjh1231.myftp.biz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:51:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13beb9-15a4-411b-9cc6-49ff02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:51:37.000Z",
"modified": "2019-06-26T18:51:37.000Z",
"pattern": "[domain-name:value = '211-21-23-69.hinet-ip.hinet.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:51:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13beb9-8610-477d-b3d0-4d5902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:51:37.000Z",
"modified": "2019-06-26T18:51:37.000Z",
"pattern": "[domain-name:value = 'dffwescwer4325.myftp.biz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:51:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13beb9-4eec-45e1-a1aa-4ece02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:51:37.000Z",
"modified": "2019-06-26T18:51:37.000Z",
"pattern": "[domain-name:value = 'cvdfhjh12311.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:51:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13beb9-872c-4027-a62f-4c5302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:51:37.000Z",
"modified": "2019-06-26T18:51:37.000Z",
"pattern": "[domain-name:value = 'cvdfhjh1231.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:51:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13beb9-71f0-47e1-99ae-424002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:51:37.000Z",
"modified": "2019-06-26T18:51:37.000Z",
"pattern": "[domain-name:value = 'www.zhonglic.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:51:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13beb9-2278-4f6d-8a57-485402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:51:37.000Z",
"modified": "2019-06-26T18:51:37.000Z",
"pattern": "[domain-name:value = '8993327.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:51:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13beb9-df1c-4ac8-927a-4a5b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:51:37.000Z",
"modified": "2019-06-26T18:51:37.000Z",
"pattern": "[domain-name:value = 'ns1.hostgamma.asia']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:51:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13beb9-240c-4205-8ba4-497002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:51:37.000Z",
"modified": "2019-06-26T18:51:37.000Z",
"pattern": "[domain-name:value = 'bm999999.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:51:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13beb9-55ac-475c-b1fa-43aa02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:51:37.000Z",
"modified": "2019-06-26T18:51:37.000Z",
"pattern": "[domain-name:value = 'www.bm999999.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:51:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13beb9-3fbc-426e-b402-41cd02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:51:37.000Z",
"modified": "2019-06-26T18:51:37.000Z",
"pattern": "[domain-name:value = '15e752e3e1a29b41.cdn.jiashule.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:51:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13beb9-0c88-419a-9bd6-4ad002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:51:37.000Z",
"modified": "2019-06-26T18:51:37.000Z",
"pattern": "[domain-name:value = 'ns11.kowloonhosting.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:51:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13beb9-5b8c-40a3-af8f-493502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:51:37.000Z",
"modified": "2019-06-26T18:51:37.000Z",
"pattern": "[domain-name:value = 'swisspatentlaw.cn']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:51:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13beb9-dfa4-4247-8e37-45a502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:51:37.000Z",
"modified": "2019-06-26T18:51:37.000Z",
"pattern": "[domain-name:value = 'prescottarts.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:51:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13beb9-4a58-4a2b-8672-47de02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:51:37.000Z",
"modified": "2019-06-26T18:51:37.000Z",
"pattern": "[domain-name:value = 'ressya-hiroba.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:51:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13beb9-0390-4b7f-ac78-46c602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:51:37.000Z",
"modified": "2019-06-26T18:51:37.000Z",
"pattern": "[url:value = 'https://hotkillmail9sddcc.ddns.net/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:51:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13beb9-e888-4872-8da7-4c6f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:51:37.000Z",
"modified": "2019-06-26T18:51:37.000Z",
"pattern": "[url:value = 'http://hotkillmail9sddcc.ddns.net/84efbd38001399bd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:51:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13bf36-34b0-463c-94c4-47e302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:53:42.000Z",
"modified": "2019-06-26T18:53:42.000Z",
"pattern": "[file:hashes.SHA256 = 'fa599fddd6b6df4b654e022fe7a91c82152f983e1ce0b97406eb27bb2fb4c3ab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:53:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13bf36-1918-4d1d-a293-4ead02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:53:42.000Z",
"modified": "2019-06-26T18:53:42.000Z",
"pattern": "[file:hashes.SHA256 = '12979d85d37a7e246757d5ebf238c6ac91e6641950cf45d95b104eb7dbb7db71']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:53:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13bf36-0018-454b-ae78-4c8802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:53:42.000Z",
"modified": "2019-06-26T18:53:42.000Z",
"pattern": "[url:value = 'http://rosaf112.ddns.net/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:53:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13bf36-9240-415f-a057-443602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:53:42.000Z",
"modified": "2019-06-26T18:53:42.000Z",
"pattern": "[url:value = 'http://sz2016rose.ddns.net/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:53:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13bf36-d01c-41ff-9a8e-4f1202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:53:42.000Z",
"modified": "2019-06-26T18:53:42.000Z",
"pattern": "[url:value = 'http://hotkillmail9sddcc.ddns.net/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:53:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13bf36-2c4c-4778-86b8-485d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:53:42.000Z",
"modified": "2019-06-26T18:53:42.000Z",
"pattern": "[url:value = 'https://sz2016rose.ddns.net/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:53:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13bf36-0940-4c62-95f0-442502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:53:42.000Z",
"modified": "2019-06-26T18:53:42.000Z",
"pattern": "[url:value = 'https://cvdfhjh1231.myftp.biz/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:53:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13bf36-c440-46dd-93db-491302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:53:42.000Z",
"modified": "2019-06-26T18:53:42.000Z",
"pattern": "[url:value = 'http://cvdfhjh1231.myftp.biz/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:53:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13bf36-f87c-4312-923f-4f9602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:53:42.000Z",
"modified": "2019-06-26T18:53:42.000Z",
"pattern": "[url:value = 'https://rosaf112.ddns.net/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:53:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13bf36-e3f4-424a-86b6-4b5a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:53:42.000Z",
"modified": "2019-06-26T18:53:42.000Z",
"pattern": "[url:value = 'http://rosaf112.ddns.net/rosaf112.ddns.net/65afed00000000ca']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:53:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13bf99-1430-4f9d-98d5-bf3202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-07-10T13:26:47.000Z",
"modified": "2020-07-10T13:26:47.000Z",
"description": "SINKHOLE",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.77.226.209']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2020-07-10T13:26:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13bf99-252c-45cb-b663-bf3202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:55:21.000Z",
"modified": "2019-06-26T18:55:21.000Z",
"pattern": "[file:hashes.SHA256 = 'ca297d004b32a058b56a2360a38b8841483c97642b243b97c3e2a26386665f5c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:55:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13bf99-294c-45ab-9bd1-bf3202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:55:21.000Z",
"modified": "2019-06-26T18:55:21.000Z",
"pattern": "[file:hashes.SHA256 = '60faca782fa4be9366714d63f581afe5e3bec28968e4d8bf13ddb27cbf69308e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:55:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13bf99-f418-4199-9ba8-bf3202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:55:21.000Z",
"modified": "2019-06-26T18:55:21.000Z",
"pattern": "[file:hashes.SHA256 = 'e1eedf55a76696735ca11ae38bfb8079fd9870dd823b8e0510704fd1c3877cd4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:55:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13bf99-6eac-4a22-8ac1-bf3202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:55:21.000Z",
"modified": "2019-06-26T18:55:21.000Z",
"pattern": "[file:hashes.SHA256 = '430683d033fe8d97300fa5dfac139f9b407d930a2f05455a24433192e1034eab']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:55:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13bf99-2230-4c4d-8d5f-bf3202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:55:21.000Z",
"modified": "2019-06-26T18:55:21.000Z",
"pattern": "[file:hashes.SHA256 = '57baf7f8092fc10b488271603fadb80e8d73b2944ddbf9868441d54c730b607e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:55:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13bf99-8ac4-4937-b48f-bf3202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:55:21.000Z",
"modified": "2019-06-26T18:55:21.000Z",
"pattern": "[domain-name:value = 'gokeenakte.top']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:55:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13bf99-b308-4963-a36f-bf3202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:55:21.000Z",
"modified": "2019-06-26T18:55:21.000Z",
"pattern": "[domain-name:value = 'ciscoupdate2019.gotdns.ch']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:55:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13bf99-c720-4faf-b302-bf3202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:55:21.000Z",
"modified": "2019-06-26T18:55:21.000Z",
"pattern": "[domain-name:value = 'zstoreshoping.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:55:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13bf99-78bc-472a-90af-bf3202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:55:21.000Z",
"modified": "2019-06-26T18:55:21.000Z",
"pattern": "[domain-name:value = 'booomaahuuoooapl.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:55:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13bf99-ffc4-4388-886d-bf3202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:55:21.000Z",
"modified": "2019-06-26T18:55:21.000Z",
"pattern": "[domain-name:value = 'tashdqdxp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:55:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13bf99-8148-49d0-9633-bf3202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:55:21.000Z",
"modified": "2019-06-26T18:55:21.000Z",
"pattern": "[domain-name:value = 'download311a7g5117main.booomaahuuoooapl.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:55:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13bf99-1e48-473f-80e8-bf3202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:55:21.000Z",
"modified": "2019-06-26T18:55:21.000Z",
"pattern": "[domain-name:value = 'joshel.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:55:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13bf99-960c-4884-b932-bf3202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:55:21.000Z",
"modified": "2019-06-26T18:55:21.000Z",
"pattern": "[domain-name:value = 'www.tashdqdxp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:55:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13bf99-fa48-4773-9bbd-bf3202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:55:21.000Z",
"modified": "2019-06-26T18:55:21.000Z",
"pattern": "[domain-name:value = 'buygearnow.xyz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:55:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13bf99-7c18-450a-b719-bf3202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:55:21.000Z",
"modified": "2019-06-26T18:55:21.000Z",
"pattern": "[file:hashes.SHA256 = 'b32c619e1976f425192f50bd9c0a345c62695221142c9803d180d769c3a138da']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:55:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13bf99-cfc0-46a7-b030-bf3202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:55:21.000Z",
"modified": "2019-06-26T18:55:21.000Z",
"pattern": "[file:hashes.SHA256 = 'd87997a5749f699e77e56aa651c076f408aaa1e906f165bc33f7239f90d6b0fd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:55:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13bf99-2938-4dcc-b9e4-bf3202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:55:21.000Z",
"modified": "2019-06-26T18:55:21.000Z",
"pattern": "[file:hashes.SHA256 = 'fd20b7afc3581173c7e80fa67bd7bf3962fe8e757dc131315c4932dc4dce7c83']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:55:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13bf99-d5e8-4aa7-a0d2-bf3202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:55:21.000Z",
"modified": "2019-06-26T18:55:21.000Z",
"pattern": "[file:hashes.SHA256 = '074cc53b54be2de8ca4900dd2d7821fb09c2025fb399400835db4936d5b3e819']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:55:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13bf99-a5e4-43bd-8be5-bf3202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:55:21.000Z",
"modified": "2019-06-26T18:55:21.000Z",
"pattern": "[file:hashes.SHA256 = 'd52375f8ab4333175944299d6bf8362956f2336ac02f3f657601939a2e1b860b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:55:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13bf99-d680-4508-b545-bf3202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:55:21.000Z",
"modified": "2019-06-26T18:55:21.000Z",
"pattern": "[file:hashes.SHA256 = 'cf24b8da54c9736afe16c89271381df6586d20c4594f08211a2a9327a548f0ad']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:55:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13bf99-d134-4529-92ab-bf3202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:55:21.000Z",
"modified": "2019-06-26T18:55:21.000Z",
"pattern": "[file:hashes.SHA256 = 'd85f1a383fd80fe3fcd4acbbc24b21e21eda4f35b63378fd6853d583eff14f4c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:55:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13bf99-83e4-49d8-9a21-bf3202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:55:21.000Z",
"modified": "2019-06-26T18:55:21.000Z",
"pattern": "[file:hashes.SHA256 = '4601d9af39d22b5e9d6e6afcd36e594b10b43942b4f8fa60da1a4f4660264490']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:55:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13bf99-213c-4b63-8b42-bf3202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:55:21.000Z",
"modified": "2019-06-26T18:55:21.000Z",
"pattern": "[file:hashes.SHA256 = '25750861d22973ea96d028ba89d0c92cc7ab7cff313df87f787fe87746ce8f63']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:55:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13bf99-f8c8-4768-bf68-bf3202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:55:21.000Z",
"modified": "2019-06-26T18:55:21.000Z",
"pattern": "[file:hashes.SHA256 = '01299f05e555230f617d04867414c261eee9d26d215835e56cef7f252c9a9bd2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:55:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13bf99-bf00-4afd-ac6c-bf3202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:55:21.000Z",
"modified": "2019-06-26T18:55:21.000Z",
"pattern": "[url:value = 'https://dffwescwer4325.myftp.biz/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:55:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13bf99-1198-42a3-a4ad-bf3202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:55:21.000Z",
"modified": "2019-06-26T18:55:21.000Z",
"pattern": "[url:value = 'http://gokeenakte.top/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:55:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13bf99-0608-4d2e-95de-bf3202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:55:21.000Z",
"modified": "2019-06-26T18:55:21.000Z",
"pattern": "[url:value = 'http://ciscoupdate2019.gotdns.ch/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:55:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13bf99-cf84-4700-a457-bf3202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:55:21.000Z",
"modified": "2019-06-26T18:55:21.000Z",
"pattern": "[url:value = 'http://45.77.226.209/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:55:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13bf99-c1c4-485d-acfb-bf3202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:55:21.000Z",
"modified": "2019-06-26T18:55:21.000Z",
"pattern": "[url:value = 'http://zstoreshoping.ddns.net/data']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:55:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13bf99-7594-4dde-8981-bf3202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:55:21.000Z",
"modified": "2019-06-26T18:55:21.000Z",
"pattern": "[url:value = 'http://tashdqdxp.com/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:55:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13bf99-eec0-40fd-abb6-bf3202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:55:21.000Z",
"modified": "2019-06-26T18:55:21.000Z",
"pattern": "[url:value = 'http://booomaahuuoooapl.ru/t.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:55:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13bf99-8490-4d7f-8c05-bf3202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:55:21.000Z",
"modified": "2019-06-26T18:55:21.000Z",
"pattern": "[url:value = 'http://booomaahuuoooapl.ru/m.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:55:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13bf99-9884-4140-9ab3-bf3202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:55:21.000Z",
"modified": "2019-06-26T18:55:21.000Z",
"pattern": "[url:value = 'http://joshel.com/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:55:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5d13bf9a-4028-460d-a9cb-bf3202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-06-26T18:55:22.000Z",
"modified": "2019-06-26T18:55:22.000Z",
"pattern": "[url:value = 'http://booomaahuuoooapl.ru/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-06-26T18:55:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink