adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/5d9b516c-e5f0-4e7c-a958-5d8c0a019371.json

3117 lines
No EOL
128 KiB
JSON
Raw Blame History

{
"type": "bundle",
"id": "bundle--5d9b516c-e5f0-4e7c-a958-5d8c0a019371",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2021-06-01T13:10:01.000Z",
"modified": "2021-06-01T13:10:01.000Z",
"name": "ESET",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5d9b516c-e5f0-4e7c-a958-5d8c0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2021-06-01T13:10:01.000Z",
"modified": "2021-06-01T13:10:01.000Z",
"name": "Operation Ghost - White Paper",
"published": "2021-06-02T05:37:05Z",
"object_refs": [
"observed-data--5d9b51aa-15c8-4405-af09-68700a019371",
"file--5d9b51aa-15c8-4405-af09-68700a019371",
"observed-data--5d9b51aa-ace8-4da0-8312-68700a019371",
"file--5d9b51aa-ace8-4da0-8312-68700a019371",
"observed-data--5d9b51aa-9458-4ae0-9484-68700a019371",
"file--5d9b51aa-9458-4ae0-9484-68700a019371",
"observed-data--5d9b51aa-6afc-451f-bab9-68700a019371",
"file--5d9b51aa-6afc-451f-bab9-68700a019371",
"observed-data--5d9b51aa-12dc-4dcc-9417-68700a019371",
"file--5d9b51aa-12dc-4dcc-9417-68700a019371",
"observed-data--5d9b51c1-0580-40ee-9b20-5d8c0a019371",
"file--5d9b51c1-0580-40ee-9b20-5d8c0a019371",
"observed-data--5d9b51c1-51b0-4b23-ae70-5d8c0a019371",
"file--5d9b51c1-51b0-4b23-ae70-5d8c0a019371",
"observed-data--5d9b51c1-73f8-40d1-bb26-5d8c0a019371",
"file--5d9b51c1-73f8-40d1-bb26-5d8c0a019371",
"observed-data--5d9b51c1-09fc-40b5-8a60-5d8c0a019371",
"file--5d9b51c1-09fc-40b5-8a60-5d8c0a019371",
"observed-data--5d9b51c1-cd7c-41b9-a8bc-5d8c0a019371",
"file--5d9b51c1-cd7c-41b9-a8bc-5d8c0a019371",
"observed-data--5d9b51c1-e304-4f81-907a-5d8c0a019371",
"file--5d9b51c1-e304-4f81-907a-5d8c0a019371",
"observed-data--5d9b51cf-0878-4c96-be15-5c5f0a019371",
"file--5d9b51cf-0878-4c96-be15-5c5f0a019371",
"observed-data--5d9b51e4-1e94-460f-be39-5d8c0a019371",
"file--5d9b51e4-1e94-460f-be39-5d8c0a019371",
"observed-data--5d9b51e4-4a34-44ca-9a39-5d8c0a019371",
"file--5d9b51e4-4a34-44ca-9a39-5d8c0a019371",
"observed-data--5d9b51f6-2f00-44e4-b4dc-68530a019371",
"file--5d9b51f6-2f00-44e4-b4dc-68530a019371",
"observed-data--5d9b51f6-ce40-4e22-96e3-68530a019371",
"file--5d9b51f6-ce40-4e22-96e3-68530a019371",
"observed-data--5d9b5205-1218-43d1-9cad-5c610a019371",
"file--5d9b5205-1218-43d1-9cad-5c610a019371",
"observed-data--5d9b5212-dd04-4116-8f9a-68700a019371",
"file--5d9b5212-dd04-4116-8f9a-68700a019371",
"x-misp-attribute--5d9b5266-47f4-4e45-ae18-68700a019371",
"x-misp-attribute--5d9b5266-13e0-488a-b58d-68700a019371",
"x-misp-attribute--5d9b5266-50dc-48fd-987d-68700a019371",
"x-misp-attribute--5d9b5266-2f2c-4a50-b04d-68700a019371",
"x-misp-attribute--5d9b5266-4388-4d08-8fff-68700a019371",
"x-misp-attribute--5d9b5266-dbec-4dda-a107-68700a019371",
"x-misp-attribute--5d9b5266-5dfc-4b5e-8514-68700a019371",
"x-misp-attribute--5d9b5266-b3f8-4c0c-af39-68700a019371",
"x-misp-attribute--5d9b5266-9fb4-4c4f-adfe-68700a019371",
"x-misp-attribute--5d9b5266-2ce8-4cbc-a8aa-68700a019371",
"x-misp-attribute--5d9b5266-8d30-48e8-ab45-68700a019371",
"x-misp-attribute--5d9b5266-eddc-4911-b1b5-68700a019371",
"x-misp-attribute--5d9b5266-ccf4-4375-92c4-68700a019371",
"observed-data--5d9b5280-4ba0-4020-9d93-244b0a019371",
"url--5d9b5280-4ba0-4020-9d93-244b0a019371",
"observed-data--5d9b5280-6ec4-4c3f-8491-244b0a019371",
"url--5d9b5280-6ec4-4c3f-8491-244b0a019371",
"observed-data--5d9b5280-02dc-4d44-baee-244b0a019371",
"url--5d9b5280-02dc-4d44-baee-244b0a019371",
"observed-data--5d9b5280-08c4-4135-b041-244b0a019371",
"url--5d9b5280-08c4-4135-b041-244b0a019371",
"observed-data--5d9b5280-e778-4c75-a841-244b0a019371",
"url--5d9b5280-e778-4c75-a841-244b0a019371",
"observed-data--5d9b5280-d990-4a08-b579-244b0a019371",
"url--5d9b5280-d990-4a08-b579-244b0a019371",
"observed-data--5d9b5280-c0dc-4d7c-9d79-244b0a019371",
"url--5d9b5280-c0dc-4d7c-9d79-244b0a019371",
"observed-data--5d9b5280-19f8-4153-9e84-244b0a019371",
"url--5d9b5280-19f8-4153-9e84-244b0a019371",
"observed-data--5d9b5280-4754-4a4a-bc66-244b0a019371",
"url--5d9b5280-4754-4a4a-bc66-244b0a019371",
"observed-data--5d9b5280-e4a8-42be-9860-244b0a019371",
"url--5d9b5280-e4a8-42be-9860-244b0a019371",
"observed-data--5d9b5280-34c8-45be-b9c6-244b0a019371",
"url--5d9b5280-34c8-45be-b9c6-244b0a019371",
"observed-data--5d9b5280-1c78-424a-8957-244b0a019371",
"url--5d9b5280-1c78-424a-8957-244b0a019371",
"observed-data--5d9b5280-684c-45e0-bf7d-244b0a019371",
"url--5d9b5280-684c-45e0-bf7d-244b0a019371",
"observed-data--5d9b5280-4b70-4e3c-97d7-244b0a019371",
"url--5d9b5280-4b70-4e3c-97d7-244b0a019371",
"observed-data--5d9b5280-af58-4b15-bc0c-244b0a019371",
"url--5d9b5280-af58-4b15-bc0c-244b0a019371",
"observed-data--5d9b5280-7e08-40df-bc6d-244b0a019371",
"url--5d9b5280-7e08-40df-bc6d-244b0a019371",
"observed-data--5d9b5280-f4d4-499e-9ad1-244b0a019371",
"url--5d9b5280-f4d4-499e-9ad1-244b0a019371",
"observed-data--5d9b5280-23a8-4073-a28b-244b0a019371",
"url--5d9b5280-23a8-4073-a28b-244b0a019371",
"observed-data--5d9b5280-ee28-414f-b997-244b0a019371",
"url--5d9b5280-ee28-414f-b997-244b0a019371",
"observed-data--5d9b5280-2a28-4405-8359-244b0a019371",
"url--5d9b5280-2a28-4405-8359-244b0a019371",
"observed-data--5d9b5280-8e90-4f56-a4f2-244b0a019371",
"url--5d9b5280-8e90-4f56-a4f2-244b0a019371",
"observed-data--5d9b5280-57c0-4f8b-b4fd-244b0a019371",
"url--5d9b5280-57c0-4f8b-b4fd-244b0a019371",
"observed-data--5d9b5280-ebd8-4e88-8f89-244b0a019371",
"url--5d9b5280-ebd8-4e88-8f89-244b0a019371",
"observed-data--5d9b5280-1fd8-449a-bcca-244b0a019371",
"url--5d9b5280-1fd8-449a-bcca-244b0a019371",
"observed-data--5d9b5280-f204-4212-9bf0-244b0a019371",
"url--5d9b5280-f204-4212-9bf0-244b0a019371",
"observed-data--5d9b5280-f86c-4c2c-8488-244b0a019371",
"url--5d9b5280-f86c-4c2c-8488-244b0a019371",
"observed-data--5d9b5280-3374-45d5-9e50-244b0a019371",
"url--5d9b5280-3374-45d5-9e50-244b0a019371",
"observed-data--5d9b5280-43e8-42db-9dff-244b0a019371",
"url--5d9b5280-43e8-42db-9dff-244b0a019371",
"observed-data--5d9b5280-8d00-4008-a567-244b0a019371",
"url--5d9b5280-8d00-4008-a567-244b0a019371",
"observed-data--5d9b5280-92e8-4fb5-a248-244b0a019371",
"url--5d9b5280-92e8-4fb5-a248-244b0a019371",
"observed-data--5d9b5280-d0ac-4e23-8073-244b0a019371",
"url--5d9b5280-d0ac-4e23-8073-244b0a019371",
"observed-data--5d9b5280-dd60-40ae-8193-244b0a019371",
"url--5d9b5280-dd60-40ae-8193-244b0a019371",
"observed-data--5d9b5280-5b00-4262-a7b8-244b0a019371",
"url--5d9b5280-5b00-4262-a7b8-244b0a019371",
"observed-data--5d9b5280-7810-479d-83f3-244b0a019371",
"url--5d9b5280-7810-479d-83f3-244b0a019371",
"observed-data--5d9b5280-1d58-475f-b0a1-244b0a019371",
"url--5d9b5280-1d58-475f-b0a1-244b0a019371",
"observed-data--5d9b5280-e1e0-4b90-ac29-244b0a019371",
"url--5d9b5280-e1e0-4b90-ac29-244b0a019371",
"observed-data--5d9b5280-fa88-455d-81df-244b0a019371",
"url--5d9b5280-fa88-455d-81df-244b0a019371",
"observed-data--5d9b5280-f454-4a69-800d-244b0a019371",
"url--5d9b5280-f454-4a69-800d-244b0a019371",
"observed-data--5d9b5280-8a20-4d7c-9c2b-244b0a019371",
"url--5d9b5280-8a20-4d7c-9c2b-244b0a019371",
"observed-data--5d9b5280-cc94-4a3f-8188-244b0a019371",
"url--5d9b5280-cc94-4a3f-8188-244b0a019371",
"observed-data--5d9b5280-6850-4edc-a27a-244b0a019371",
"url--5d9b5280-6850-4edc-a27a-244b0a019371",
"observed-data--5d9b5280-9718-4951-a03f-244b0a019371",
"url--5d9b5280-9718-4951-a03f-244b0a019371",
"observed-data--5d9b5280-b344-4e20-83df-244b0a019371",
"url--5d9b5280-b344-4e20-83df-244b0a019371",
"observed-data--5d9b5280-bcb0-4d3c-8399-244b0a019371",
"url--5d9b5280-bcb0-4d3c-8399-244b0a019371",
"observed-data--5d9b5280-af10-419a-a616-244b0a019371",
"url--5d9b5280-af10-419a-a616-244b0a019371",
"observed-data--5d9b5280-32e4-4037-907f-244b0a019371",
"url--5d9b5280-32e4-4037-907f-244b0a019371",
"observed-data--5d9b5280-2990-4c1a-af9d-244b0a019371",
"url--5d9b5280-2990-4c1a-af9d-244b0a019371",
"observed-data--5d9b5280-ce34-4474-8848-244b0a019371",
"url--5d9b5280-ce34-4474-8848-244b0a019371",
"observed-data--5d9b5280-8ef8-4149-8f81-244b0a019371",
"url--5d9b5280-8ef8-4149-8f81-244b0a019371",
"observed-data--5d9b5299-d71c-4634-b0cd-5d8c0a019371",
"domain-name--5d9b5299-d71c-4634-b0cd-5d8c0a019371",
"observed-data--5d9b5299-9690-4856-93cc-5d8c0a019371",
"domain-name--5d9b5299-9690-4856-93cc-5d8c0a019371",
"observed-data--5d9b5299-aed4-4bd9-a01f-5d8c0a019371",
"domain-name--5d9b5299-aed4-4bd9-a01f-5d8c0a019371",
"observed-data--5d9b5299-ecbc-47bd-9803-5d8c0a019371",
"domain-name--5d9b5299-ecbc-47bd-9803-5d8c0a019371",
"observed-data--5d9b5299-ffac-4393-a3bd-5d8c0a019371",
"domain-name--5d9b5299-ffac-4393-a3bd-5d8c0a019371",
"observed-data--5d9b5299-78ac-44c7-939a-5d8c0a019371",
"domain-name--5d9b5299-78ac-44c7-939a-5d8c0a019371",
"observed-data--5d9b5299-279c-4661-a5cf-5d8c0a019371",
"domain-name--5d9b5299-279c-4661-a5cf-5d8c0a019371",
"observed-data--5d9b5299-8b04-4f83-9e97-5d8c0a019371",
"domain-name--5d9b5299-8b04-4f83-9e97-5d8c0a019371",
"observed-data--5d9b5299-08fc-46c2-bb47-5d8c0a019371",
"domain-name--5d9b5299-08fc-46c2-bb47-5d8c0a019371",
"observed-data--5d9b5299-a39c-4b8e-b592-5d8c0a019371",
"domain-name--5d9b5299-a39c-4b8e-b592-5d8c0a019371",
"observed-data--5d9b5299-4584-4b2c-bf57-5d8c0a019371",
"domain-name--5d9b5299-4584-4b2c-bf57-5d8c0a019371",
"observed-data--5d9b5299-8a10-48d9-abd0-5d8c0a019371",
"domain-name--5d9b5299-8a10-48d9-abd0-5d8c0a019371",
"observed-data--5d9b52b3-692c-42fd-8777-68ba0a019371",
"domain-name--5d9b52b3-692c-42fd-8777-68ba0a019371",
"observed-data--5d9b52b3-a030-462c-841c-68ba0a019371",
"domain-name--5d9b52b3-a030-462c-841c-68ba0a019371",
"observed-data--5d9b52c4-6a88-4f09-8ce9-646f0a019371",
"domain-name--5d9b52c4-6a88-4f09-8ce9-646f0a019371",
"observed-data--5d9b52c4-44c0-421c-bbf8-646f0a019371",
"domain-name--5d9b52c4-44c0-421c-bbf8-646f0a019371",
"observed-data--5d9b52c4-d48c-473f-a0f5-646f0a019371",
"domain-name--5d9b52c4-d48c-473f-a0f5-646f0a019371",
"observed-data--5d9b52c4-ac58-483f-9134-646f0a019371",
"domain-name--5d9b52c4-ac58-483f-9134-646f0a019371",
"observed-data--5d9b52c4-a184-4467-b8a8-646f0a019371",
"domain-name--5d9b52c4-a184-4467-b8a8-646f0a019371",
"observed-data--5d9b52d2-12f4-4be6-9e91-5c5f0a019371",
"domain-name--5d9b52d2-12f4-4be6-9e91-5c5f0a019371",
"observed-data--5da6e0e8-c12c-42c3-a3c3-7b6a0a019371",
"url--5da6e0e8-c12c-42c3-a3c3-7b6a0a019371",
"observed-data--5da84c74-3a94-4f8d-87ee-2de0ac1d4fa4",
"url--5da84c74-3a94-4f8d-87ee-2de0ac1d4fa4",
"indicator--5da878f0-1300-4ce9-9e0a-2132ac1d4fa4",
"indicator--5da878f0-6e74-4476-8910-2132ac1d4fa4",
"indicator--5da878f0-69d0-4357-b2b1-2132ac1d4fa4",
"indicator--5da878f0-6bd0-4eb2-9b79-2132ac1d4fa4",
"indicator--5da878f0-6990-4395-b64b-2132ac1d4fa4",
"indicator--5da8705f-99a8-47bd-a02d-2180ac1d4fa4",
"indicator--5da8705f-7d18-4de8-b4e2-2180ac1d4fa4",
"x-misp-attribute--5da8705f-fc2c-405f-80a4-2180ac1d4fa4",
"indicator--5da8705f-daa8-4319-9aea-2180ac1d4fa4",
"indicator--5da86f11-6b00-48fc-9e42-2d68ac1d4fa4",
"indicator--5da86085-6120-4903-b787-5986ac1d4fa4",
"indicator--5da8663d-be44-4698-9b1c-571cac1d4fa4",
"indicator--5da8663d-1678-4340-85c8-571cac1d4fa4",
"indicator--5da8663d-2efc-4817-9207-571cac1d4fa4",
"indicator--5da8663d-5818-4164-bc18-571cac1d4fa4",
"indicator--5da8663d-ffa8-451d-84a2-571cac1d4fa4",
"indicator--5da8663d-a774-43ec-8f0e-571cac1d4fa4",
"indicator--5da8663d-d6bc-4d24-9bfa-571cac1d4fa4",
"indicator--5da8663d-ca38-4e38-894a-571cac1d4fa4",
"indicator--5da8663d-4f90-4517-a01f-571cac1d4fa4"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:threat-actor=\"APT 29\"",
"misp-galaxy:mitre-attack-pattern=\"Spearphishing Attachment - T1193\"",
"misp-galaxy:mitre-attack-pattern=\"Execution through API - T1106\"",
"misp-galaxy:mitre-attack-pattern=\"Execution through Module Load - T1129\"",
"misp-galaxy:mitre-attack-pattern=\"PowerShell - T1086\"",
"misp-galaxy:mitre-attack-pattern=\"Rundll32 - T1085\"",
"misp-galaxy:mitre-attack-pattern=\"Scripting - T1064\"",
"misp-galaxy:mitre-attack-pattern=\"Service Execution - T1035\"",
"misp-galaxy:mitre-attack-pattern=\"Valid Accounts - T1078\"",
"misp-galaxy:mitre-attack-pattern=\"Deobfuscate/Decode Files or Information - T1140\"",
"misp-galaxy:mitre-attack-pattern=\"File Deletion - T1107\"",
"misp-galaxy:mitre-attack-pattern=\"Modify Registry - T1112\"",
"misp-galaxy:mitre-attack-pattern=\"Obfuscated Files or Information - T1027\"",
"misp-galaxy:mitre-attack-pattern=\"Registry Run Keys / Startup Folder - T1060\"",
"misp-galaxy:mitre-attack-pattern=\"Scheduled Task - T1053\"",
"misp-galaxy:mitre-attack-pattern=\"Software Packing - T1045\"",
"misp-galaxy:mitre-attack-pattern=\"Web Service - T1102\"",
"misp-galaxy:mitre-attack-pattern=\"Windows Management Instrumentation Event Subscription - T1084\"",
"misp-galaxy:mitre-attack-pattern=\"Connection Proxy - T1090\"",
"misp-galaxy:mitre-attack-pattern=\"Data Obfuscation - T1001\"",
"misp-galaxy:mitre-attack-pattern=\"Data from Local System - T1005\"",
"misp-galaxy:mitre-attack-pattern=\"Data from Network Shared Drive - T1039\"",
"misp-galaxy:mitre-attack-pattern=\"Data from Removable Media - T1025\"",
"misp-galaxy:mitre-attack-pattern=\"Exfiltration Over Command and Control Channel - T1041\"",
"misp-galaxy:mitre-attack-pattern=\"Fallback Channels - T1008\"",
"misp-galaxy:mitre-attack-pattern=\"File and Directory Discovery - T1083\"",
"misp-galaxy:mitre-attack-pattern=\"Network Share Discovery - T1135\"",
"misp-galaxy:mitre-attack-pattern=\"Process Discovery - T1057\"",
"misp-galaxy:mitre-attack-pattern=\"Standard Application Layer Protocol - T1071\"",
"misp-galaxy:mitre-attack-pattern=\"System Network Connections Discovery - T1049\"",
"misp-galaxy:mitre-attack-pattern=\"Windows Admin Shares - T1077\"",
"type:OSINT",
"osint:lifetime=\"perpetual\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b51aa-15c8-4405-af09-68700a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:54:34.000Z",
"modified": "2019-10-07T14:54:34.000Z",
"first_observed": "2019-10-07T14:54:34Z",
"last_observed": "2019-10-07T14:54:34Z",
"number_observed": 1,
"object_refs": [
"file--5d9b51aa-15c8-4405-af09-68700a019371"
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5d9b51aa-15c8-4405-af09-68700a019371",
"hashes": {
"SHA-1": "4ba559c403ff3f5cc2571ae0961eaff6cf0a50f6"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b51aa-ace8-4da0-8312-68700a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:54:34.000Z",
"modified": "2019-10-07T14:54:34.000Z",
"first_observed": "2019-10-07T14:54:34Z",
"last_observed": "2019-10-07T14:54:34Z",
"number_observed": 1,
"object_refs": [
"file--5d9b51aa-ace8-4da0-8312-68700a019371"
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5d9b51aa-ace8-4da0-8312-68700a019371",
"hashes": {
"SHA-1": "cf14ac569a63df214128f375c12d90e535770395"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b51aa-9458-4ae0-9484-68700a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:54:34.000Z",
"modified": "2019-10-07T14:54:34.000Z",
"first_observed": "2019-10-07T14:54:34Z",
"last_observed": "2019-10-07T14:54:34Z",
"number_observed": 1,
"object_refs": [
"file--5d9b51aa-9458-4ae0-9484-68700a019371"
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5d9b51aa-9458-4ae0-9484-68700a019371",
"hashes": {
"SHA-1": "539d021cd17d901539a5e1132ecaab7164ed5db5"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b51aa-6afc-451f-bab9-68700a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:54:34.000Z",
"modified": "2019-10-07T14:54:34.000Z",
"first_observed": "2019-10-07T14:54:34Z",
"last_observed": "2019-10-07T14:54:34Z",
"number_observed": 1,
"object_refs": [
"file--5d9b51aa-6afc-451f-bab9-68700a019371"
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5d9b51aa-6afc-451f-bab9-68700a019371",
"hashes": {
"SHA-1": "0e25ee58b119dd48b7c9931879294ac3fc433f50"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b51aa-12dc-4dcc-9417-68700a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:54:34.000Z",
"modified": "2019-10-07T14:54:34.000Z",
"first_observed": "2019-10-07T14:54:34Z",
"last_observed": "2019-10-07T14:54:34Z",
"number_observed": 1,
"object_refs": [
"file--5d9b51aa-12dc-4dcc-9417-68700a019371"
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5d9b51aa-12dc-4dcc-9417-68700a019371",
"hashes": {
"SHA-1": "d625c7ce9dc7e56a29ec9a81650280edc6189616"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b51c1-0580-40ee-9b20-5d8c0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:54:57.000Z",
"modified": "2019-10-07T14:54:57.000Z",
"first_observed": "2019-10-07T14:54:57Z",
"last_observed": "2019-10-07T14:54:57Z",
"number_observed": 1,
"object_refs": [
"file--5d9b51c1-0580-40ee-9b20-5d8c0a019371"
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5d9b51c1-0580-40ee-9b20-5d8c0a019371",
"hashes": {
"SHA-1": "0a5a7dd4ad0f2e50f3577f8d43a4c55ddc1d80cf"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b51c1-51b0-4b23-ae70-5d8c0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:54:57.000Z",
"modified": "2019-10-07T14:54:57.000Z",
"first_observed": "2019-10-07T14:54:57Z",
"last_observed": "2019-10-07T14:54:57Z",
"number_observed": 1,
"object_refs": [
"file--5d9b51c1-51b0-4b23-ae70-5d8c0a019371"
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5d9b51c1-51b0-4b23-ae70-5d8c0a019371",
"hashes": {
"SHA-1": "f7fd63c0534d2f717fd5325d4397597c9ee4065f"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b51c1-73f8-40d1-bb26-5d8c0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:54:57.000Z",
"modified": "2019-10-07T14:54:57.000Z",
"first_observed": "2019-10-07T14:54:57Z",
"last_observed": "2019-10-07T14:54:57Z",
"number_observed": 1,
"object_refs": [
"file--5d9b51c1-73f8-40d1-bb26-5d8c0a019371"
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5d9b51c1-73f8-40d1-bb26-5d8c0a019371",
"hashes": {
"SHA-1": "194d8e2ae4c723ce5fe11c4d9cfefbba32dcf766"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b51c1-09fc-40b5-8a60-5d8c0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:54:57.000Z",
"modified": "2019-10-07T14:54:57.000Z",
"first_observed": "2019-10-07T14:54:57Z",
"last_observed": "2019-10-07T14:54:57Z",
"number_observed": 1,
"object_refs": [
"file--5d9b51c1-09fc-40b5-8a60-5d8c0a019371"
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5d9b51c1-09fc-40b5-8a60-5d8c0a019371",
"hashes": {
"SHA-1": "64d6c11fff2c2aadaacee01b294afcc751316176"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b51c1-cd7c-41b9-a8bc-5d8c0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:54:57.000Z",
"modified": "2019-10-07T14:54:57.000Z",
"first_observed": "2019-10-07T14:54:57Z",
"last_observed": "2019-10-07T14:54:57Z",
"number_observed": 1,
"object_refs": [
"file--5d9b51c1-cd7c-41b9-a8bc-5d8c0a019371"
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5d9b51c1-cd7c-41b9-a8bc-5d8c0a019371",
"hashes": {
"SHA-1": "6acc0b1230303f8cf46152697d3036d69ea5a849"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b51c1-e304-4f81-907a-5d8c0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:54:57.000Z",
"modified": "2019-10-07T14:54:57.000Z",
"first_observed": "2019-10-07T14:54:57Z",
"last_observed": "2019-10-07T14:54:57Z",
"number_observed": 1,
"object_refs": [
"file--5d9b51c1-e304-4f81-907a-5d8c0a019371"
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5d9b51c1-e304-4f81-907a-5d8c0a019371",
"hashes": {
"SHA-1": "170be45669026f3c1fc5ba2d48817dbf950da3f6"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b51cf-0878-4c96-be15-5c5f0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:55:11.000Z",
"modified": "2019-10-07T14:55:11.000Z",
"first_observed": "2019-10-07T14:55:11Z",
"last_observed": "2019-10-07T14:55:11Z",
"number_observed": 1,
"object_refs": [
"file--5d9b51cf-0878-4c96-be15-5c5f0a019371"
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5d9b51cf-0878-4c96-be15-5c5f0a019371",
"hashes": {
"SHA-1": "5905c55189c683bc37258aec28e916c41948cd1c"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b51e4-1e94-460f-be39-5d8c0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:55:32.000Z",
"modified": "2019-10-07T14:55:32.000Z",
"first_observed": "2019-10-07T14:55:32Z",
"last_observed": "2019-10-07T14:55:32Z",
"number_observed": 1,
"object_refs": [
"file--5d9b51e4-1e94-460f-be39-5d8c0a019371"
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5d9b51e4-1e94-460f-be39-5d8c0a019371",
"hashes": {
"SHA-1": "b05caba461000c6ebd8b237f318577e9bccd6047"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b51e4-4a34-44ca-9a39-5d8c0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:55:32.000Z",
"modified": "2019-10-07T14:55:32.000Z",
"first_observed": "2019-10-07T14:55:32Z",
"last_observed": "2019-10-07T14:55:32Z",
"number_observed": 1,
"object_refs": [
"file--5d9b51e4-4a34-44ca-9a39-5d8c0a019371"
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5d9b51e4-4a34-44ca-9a39-5d8c0a019371",
"hashes": {
"SHA-1": "718c2ce6170d6ca505297b41de072d8d3b873456"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b51f6-2f00-44e4-b4dc-68530a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:55:50.000Z",
"modified": "2019-10-07T14:55:50.000Z",
"first_observed": "2019-10-07T14:55:50Z",
"last_observed": "2019-10-07T14:55:50Z",
"number_observed": 1,
"object_refs": [
"file--5d9b51f6-2f00-44e4-b4dc-68530a019371"
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5d9b51f6-2f00-44e4-b4dc-68530a019371",
"hashes": {
"SHA-1": "a88da2dd033775f7abc8d6fb3ad5dd48efbeade1"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b51f6-ce40-4e22-96e3-68530a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:55:50.000Z",
"modified": "2019-10-07T14:55:50.000Z",
"first_observed": "2019-10-07T14:55:50Z",
"last_observed": "2019-10-07T14:55:50Z",
"number_observed": 1,
"object_refs": [
"file--5d9b51f6-ce40-4e22-96e3-68530a019371"
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5d9b51f6-ce40-4e22-96e3-68530a019371",
"hashes": {
"SHA-1": "db19171b239ef6de8e83b2926eadc652e74a5afa"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5205-1218-43d1-9cad-5c610a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:56:05.000Z",
"modified": "2019-10-07T14:56:05.000Z",
"first_observed": "2019-10-07T14:56:05Z",
"last_observed": "2019-10-07T14:56:05Z",
"number_observed": 1,
"object_refs": [
"file--5d9b5205-1218-43d1-9cad-5c610a019371"
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5d9b5205-1218-43d1-9cad-5c610a019371",
"hashes": {
"SHA-1": "9e96b00e9f7eb94a944269108b9e02d97142eedc"
}
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5212-dd04-4116-8f9a-68700a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:56:18.000Z",
"modified": "2019-10-07T14:56:18.000Z",
"first_observed": "2019-10-07T14:56:18Z",
"last_observed": "2019-10-07T14:56:18Z",
"number_observed": 1,
"object_refs": [
"file--5d9b5212-dd04-4116-8f9a-68700a019371"
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--5d9b5212-dd04-4116-8f9a-68700a019371",
"hashes": {
"SHA-1": "af2b46d4371ce632e2669fea1959ee8af4ec39ce"
}
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5d9b5266-47f4-4e45-ae18-68700a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:57:42.000Z",
"modified": "2019-10-07T14:57:42.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Win32/Agent.ZWH"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5d9b5266-13e0-488a-b58d-68700a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:57:42.000Z",
"modified": "2019-10-07T14:57:42.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Win32/Agent.AAPY"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5d9b5266-50dc-48fd-987d-68700a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:57:42.000Z",
"modified": "2019-10-07T14:57:42.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Win64/Agent.OL"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5d9b5266-2f2c-4a50-b04d-68700a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:57:42.000Z",
"modified": "2019-10-07T14:57:42.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "MSIL/Tiny.BG"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5d9b5266-4388-4d08-8fff-68700a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:57:42.000Z",
"modified": "2019-10-07T14:57:42.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "MSIL/Agent.TGC"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5d9b5266-dbec-4dda-a107-68700a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:57:42.000Z",
"modified": "2019-10-07T14:57:42.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "MSIL/Agent.SVP"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5d9b5266-5dfc-4b5e-8514-68700a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:57:42.000Z",
"modified": "2019-10-07T14:57:42.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "MSIL/Agent.SXO"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5d9b5266-b3f8-4c0c-af39-68700a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:57:42.000Z",
"modified": "2019-10-07T14:57:42.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "MSIL/Agent.SYC"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5d9b5266-9fb4-4c4f-adfe-68700a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:57:42.000Z",
"modified": "2019-10-07T14:57:42.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "MSIL/Agent.CAW"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5d9b5266-2ce8-4cbc-a8aa-68700a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:57:42.000Z",
"modified": "2019-10-07T14:57:42.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Win32/Agent.TSG"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5d9b5266-8d30-48e8-ab45-68700a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:57:42.000Z",
"modified": "2019-10-07T14:57:42.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Win32/Agent.TUF"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5d9b5266-eddc-4911-b1b5-68700a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:57:42.000Z",
"modified": "2019-10-07T14:57:42.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Win32/Agent.TSH"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5d9b5266-ccf4-4375-92c4-68700a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:57:42.000Z",
"modified": "2019-10-07T14:57:42.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"Antivirus detection\""
],
"x_misp_category": "Antivirus detection",
"x_misp_type": "text",
"x_misp_value": "Win32/Agent.AART"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-4ba0-4020-9d93-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-4ba0-4020-9d93-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-4ba0-4020-9d93-244b0a019371",
"value": "http://ibb.co/hVhaAq"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-6ec4-4c3f-8491-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-6ec4-4c3f-8491-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-6ec4-4c3f-8491-244b0a019371",
"value": "http://imgur.com/1RzfF7r"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-02dc-4d44-baee-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-02dc-4d44-baee-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-02dc-4d44-baee-244b0a019371",
"value": "http://imgur.com/6wjspWp"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-08c4-4135-b041-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-08c4-4135-b041-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-08c4-4135-b041-244b0a019371",
"value": "http://imgur.com/d4ObKL0"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-e778-4c75-a841-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-e778-4c75-a841-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-e778-4c75-a841-244b0a019371",
"value": "http://imgur.com/D6U06Ci"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-d990-4a08-b579-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-d990-4a08-b579-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-d990-4a08-b579-244b0a019371",
"value": "http://imgur.com/GZSK9zI"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-c0dc-4d7c-9d79-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-c0dc-4d7c-9d79-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-c0dc-4d7c-9d79-244b0a019371",
"value": "http://imgur.com/wcMk7a2"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-19f8-4153-9e84-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-19f8-4153-9e84-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-19f8-4153-9e84-244b0a019371",
"value": "http://imgur.com/WMTwSMJ"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-4754-4a4a-bc66-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-4754-4a4a-bc66-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-4754-4a4a-bc66-244b0a019371",
"value": "http://imgur.com/WOKHonk"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-e4a8-42be-9860-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-e4a8-42be-9860-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-e4a8-42be-9860-244b0a019371",
"value": "http://imgur.com/XFa7Ee1"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-34c8-45be-b9c6-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-34c8-45be-b9c6-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-34c8-45be-b9c6-244b0a019371",
"value": "http://jack998899jack.imgbb.com"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-1c78-424a-8957-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-1c78-424a-8957-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-1c78-424a-8957-244b0a019371",
"value": "http://simp.ly/publish/pBn8Jt"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-684c-45e0-bf7d-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-684c-45e0-bf7d-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-684c-45e0-bf7d-244b0a019371",
"value": "http://thinkery.me/billywilliams/5a0170161cb602262f000d2c"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-4b70-4e3c-97d7-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-4b70-4e3c-97d7-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-4b70-4e3c-97d7-244b0a019371",
"value": "http://twitter.com/aimeefleming25"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-af58-4b15-bc0c-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-af58-4b15-bc0c-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-af58-4b15-bc0c-244b0a019371",
"value": "http://twitter.com/hen_rivero"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-7e08-40df-bc6d-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-7e08-40df-bc6d-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-7e08-40df-bc6d-244b0a019371",
"value": "http://twitter.com/JamesScott1990"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-f4d4-499e-9ad1-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-f4d4-499e-9ad1-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-f4d4-499e-9ad1-244b0a019371",
"value": "http://twitter.com/KarimM_traveler"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-23a8-4073-a28b-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-23a8-4073-a28b-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-23a8-4073-a28b-244b0a019371",
"value": "http://twitter.com/lerg5pvo1i"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-ee28-414f-b997-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-ee28-414f-b997-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-ee28-414f-b997-244b0a019371",
"value": "http://twitter.com/m63vhd7ach3"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-2a28-4405-8359-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-2a28-4405-8359-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-2a28-4405-8359-244b0a019371",
"value": "http://twitter.com/MarlinTarin"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-8e90-4f56-a4f2-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-8e90-4f56-a4f2-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-8e90-4f56-a4f2-244b0a019371",
"value": "http://twitter.com/np8j7ovqdl"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-57c0-4f8b-b4fd-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-57c0-4f8b-b4fd-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-57c0-4f8b-b4fd-244b0a019371",
"value": "http://twitter.com/q5euqysfu5"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-ebd8-4e88-8f89-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-ebd8-4e88-8f89-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-ebd8-4e88-8f89-244b0a019371",
"value": "http://twitter.com/qistp743li"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-1fd8-449a-bcca-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-1fd8-449a-bcca-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-1fd8-449a-bcca-244b0a019371",
"value": "http://twitter.com/t8t842io2"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-f204-4212-9bf0-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-f204-4212-9bf0-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-f204-4212-9bf0-244b0a019371",
"value": "http://twitter.com/ua6ivyxkfv"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-f86c-4c2c-8488-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-f86c-4c2c-8488-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-f86c-4c2c-8488-244b0a019371",
"value": "http://twitter.com/utyi5asko02"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-3374-45d5-9e50-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-3374-45d5-9e50-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-3374-45d5-9e50-244b0a019371",
"value": "http://twitter.com/vgmmmyqaq"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-43e8-42db-9dff-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-43e8-42db-9dff-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-43e8-42db-9dff-244b0a019371",
"value": "http://twitter.com/vvwc63tgz"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-8d00-4008-a567-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-8d00-4008-a567-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-8d00-4008-a567-244b0a019371",
"value": "http://twitter.com/wekcddkg2ra"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-92e8-4fb5-a248-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-92e8-4fb5-a248-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-92e8-4fb5-a248-244b0a019371",
"value": "http://twitter.com/xzg3a2e2z"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-d0ac-4e23-8073-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-16T09:35:10.000Z",
"modified": "2019-10-16T09:35:10.000Z",
"first_observed": "2019-10-16T09:35:10Z",
"last_observed": "2019-10-16T09:35:10Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-d0ac-4e23-8073-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-d0ac-4e23-8073-244b0a019371",
"value": "http://www.evernote.com/shard/s675/sh/6686ff4e-8896-499b-8cdb-a2bbf2cc4db9/fc7fbe66c820f17c30147235e95d31b8"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-dd60-40ae-8193-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-dd60-40ae-8193-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-dd60-40ae-8193-244b0a019371",
"value": "http://www.fotolog.com/g1h4wuiz6"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-5b00-4262-a7b8-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-5b00-4262-a7b8-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-5b00-4262-a7b8-244b0a019371",
"value": "http://www.fotolog.com/gf3z425rr0"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-7810-479d-83f3-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-7810-479d-83f3-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-7810-479d-83f3-244b0a019371",
"value": "http://www.fotolog.com/i4ntff47xfw"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-1d58-475f-b0a1-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-1d58-475f-b0a1-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-1d58-475f-b0a1-244b0a019371",
"value": "http://www.fotolog.com/joannevil/121000000000030009/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-e1e0-4b90-ac29-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-e1e0-4b90-ac29-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-e1e0-4b90-ac29-244b0a019371",
"value": "http://www.fotolog.com/o2rh2s2x7pu"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-fa88-455d-81df-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-fa88-455d-81df-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-fa88-455d-81df-244b0a019371",
"value": "http://www.fotolog.com/q4tusizx9xb"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-f454-4a69-800d-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-f454-4a69-800d-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-f454-4a69-800d-244b0a019371",
"value": "http://www.fotolog.com/rypnil03sl6"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-8a20-4d7c-9c2b-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-8a20-4d7c-9c2b-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-8a20-4d7c-9c2b-244b0a019371",
"value": "http://www.fotolog.com/shx8hypubt"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-cc94-4a3f-8188-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-cc94-4a3f-8188-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-cc94-4a3f-8188-244b0a019371",
"value": "http://www.fotolog.com/u99aliw5g"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-6850-4edc-a27a-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-6850-4edc-a27a-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-6850-4edc-a27a-244b0a019371",
"value": "http://www.fotolog.com/uq44y4j19m8"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-9718-4951-a03f-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-9718-4951-a03f-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-9718-4951-a03f-244b0a019371",
"value": "http://www.fotolog.com/vq21p34"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-b344-4e20-83df-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-b344-4e20-83df-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-b344-4e20-83df-244b0a019371",
"value": "http://www.fotolog.com/vz1g3wmwu"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-bcb0-4d3c-8399-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-bcb0-4d3c-8399-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-bcb0-4d3c-8399-244b0a019371",
"value": "http://www.fotolog.com/zu2of5vyfl6"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-af10-419a-a616-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-af10-419a-a616-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-af10-419a-a616-244b0a019371",
"value": "http://www.google.com/?gws_rd=ssl#q=Heiofjskghwe+Hjwefkbqw"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-32e4-4037-907f-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-32e4-4037-907f-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-32e4-4037-907f-244b0a019371",
"value": "http://www.kiwibox.com/AfricanRugby/info/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-2990-4c1a-af9d-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-2990-4c1a-af9d-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-2990-4c1a-af9d-244b0a019371",
"value": "http://www.kiwibox.com/GaryPhotographe/info/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-ce34-4474-8848-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-ce34-4474-8848-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-ce34-4474-8848-244b0a019371",
"value": "http://www.reddit.com/user/BeaumontV/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5280-8ef8-4149-8f81-244b0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:08.000Z",
"modified": "2019-10-07T14:58:08.000Z",
"first_observed": "2019-10-07T14:58:08Z",
"last_observed": "2019-10-07T14:58:08Z",
"number_observed": 1,
"object_refs": [
"url--5d9b5280-8ef8-4149-8f81-244b0a019371"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5d9b5280-8ef8-4149-8f81-244b0a019371",
"value": "http://www.reddit.com/user/StevensThomasWis/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5299-d71c-4634-b0cd-5d8c0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:33.000Z",
"modified": "2019-10-07T14:58:33.000Z",
"first_observed": "2019-10-07T14:58:33Z",
"last_observed": "2019-10-07T14:58:33Z",
"number_observed": 1,
"object_refs": [
"domain-name--5d9b5299-d71c-4634-b0cd-5d8c0a019371"
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--5d9b5299-d71c-4634-b0cd-5d8c0a019371",
"value": "acciaio.com.br"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5299-9690-4856-93cc-5d8c0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:33.000Z",
"modified": "2019-10-07T14:58:33.000Z",
"first_observed": "2019-10-07T14:58:33Z",
"last_observed": "2019-10-07T14:58:33Z",
"number_observed": 1,
"object_refs": [
"domain-name--5d9b5299-9690-4856-93cc-5d8c0a019371"
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--5d9b5299-9690-4856-93cc-5d8c0a019371",
"value": "ceycarb.com"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5299-aed4-4bd9-a01f-5d8c0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:33.000Z",
"modified": "2019-10-07T14:58:33.000Z",
"first_observed": "2019-10-07T14:58:33Z",
"last_observed": "2019-10-07T14:58:33Z",
"number_observed": 1,
"object_refs": [
"domain-name--5d9b5299-aed4-4bd9-a01f-5d8c0a019371"
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--5d9b5299-aed4-4bd9-a01f-5d8c0a019371",
"value": "coachandcook.at"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5299-ecbc-47bd-9803-5d8c0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:33.000Z",
"modified": "2019-10-07T14:58:33.000Z",
"first_observed": "2019-10-07T14:58:33Z",
"last_observed": "2019-10-07T14:58:33Z",
"number_observed": 1,
"object_refs": [
"domain-name--5d9b5299-ecbc-47bd-9803-5d8c0a019371"
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--5d9b5299-ecbc-47bd-9803-5d8c0a019371",
"value": "fisioterapiabb.it"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5299-ffac-4393-a3bd-5d8c0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:33.000Z",
"modified": "2019-10-07T14:58:33.000Z",
"first_observed": "2019-10-07T14:58:33Z",
"last_observed": "2019-10-07T14:58:33Z",
"number_observed": 1,
"object_refs": [
"domain-name--5d9b5299-ffac-4393-a3bd-5d8c0a019371"
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--5d9b5299-ffac-4393-a3bd-5d8c0a019371",
"value": "lorriratzlaff.com"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5299-78ac-44c7-939a-5d8c0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:33.000Z",
"modified": "2019-10-07T14:58:33.000Z",
"first_observed": "2019-10-07T14:58:33Z",
"last_observed": "2019-10-07T14:58:33Z",
"number_observed": 1,
"object_refs": [
"domain-name--5d9b5299-78ac-44c7-939a-5d8c0a019371"
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--5d9b5299-78ac-44c7-939a-5d8c0a019371",
"value": "mavin21c.dothome.co.kr"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5299-279c-4661-a5cf-5d8c0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:33.000Z",
"modified": "2019-10-07T14:58:33.000Z",
"first_observed": "2019-10-07T14:58:33Z",
"last_observed": "2019-10-07T14:58:33Z",
"number_observed": 1,
"object_refs": [
"domain-name--5d9b5299-279c-4661-a5cf-5d8c0a019371"
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--5d9b5299-279c-4661-a5cf-5d8c0a019371",
"value": "motherlodebulldogclub.com"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5299-8b04-4f83-9e97-5d8c0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:33.000Z",
"modified": "2019-10-07T14:58:33.000Z",
"first_observed": "2019-10-07T14:58:33Z",
"last_observed": "2019-10-07T14:58:33Z",
"number_observed": 1,
"object_refs": [
"domain-name--5d9b5299-8b04-4f83-9e97-5d8c0a019371"
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--5d9b5299-8b04-4f83-9e97-5d8c0a019371",
"value": "powerpolymerindustry.com"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5299-08fc-46c2-bb47-5d8c0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:33.000Z",
"modified": "2019-10-07T14:58:33.000Z",
"first_observed": "2019-10-07T14:58:33Z",
"last_observed": "2019-10-07T14:58:33Z",
"number_observed": 1,
"object_refs": [
"domain-name--5d9b5299-08fc-46c2-bb47-5d8c0a019371"
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--5d9b5299-08fc-46c2-bb47-5d8c0a019371",
"value": "publiccouncil.org"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5299-a39c-4b8e-b592-5d8c0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:33.000Z",
"modified": "2019-10-07T14:58:33.000Z",
"first_observed": "2019-10-07T14:58:33Z",
"last_observed": "2019-10-07T14:58:33Z",
"number_observed": 1,
"object_refs": [
"domain-name--5d9b5299-a39c-4b8e-b592-5d8c0a019371"
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--5d9b5299-a39c-4b8e-b592-5d8c0a019371",
"value": "rulourialuminiu.co.uk"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5299-4584-4b2c-bf57-5d8c0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:33.000Z",
"modified": "2019-10-07T14:58:33.000Z",
"first_observed": "2019-10-07T14:58:33Z",
"last_observed": "2019-10-07T14:58:33Z",
"number_observed": 1,
"object_refs": [
"domain-name--5d9b5299-4584-4b2c-bf57-5d8c0a019371"
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--5d9b5299-4584-4b2c-bf57-5d8c0a019371",
"value": "sistemikan.com"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b5299-8a10-48d9-abd0-5d8c0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:33.000Z",
"modified": "2019-10-07T14:58:33.000Z",
"first_observed": "2019-10-07T14:58:33Z",
"last_observed": "2019-10-07T14:58:33Z",
"number_observed": 1,
"object_refs": [
"domain-name--5d9b5299-8a10-48d9-abd0-5d8c0a019371"
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--5d9b5299-8a10-48d9-abd0-5d8c0a019371",
"value": "varuhusmc.org"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b52b3-692c-42fd-8777-68ba0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:59.000Z",
"modified": "2019-10-07T14:58:59.000Z",
"first_observed": "2019-10-07T14:58:59Z",
"last_observed": "2019-10-07T14:58:59Z",
"number_observed": 1,
"object_refs": [
"domain-name--5d9b52b3-692c-42fd-8777-68ba0a019371"
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--5d9b52b3-692c-42fd-8777-68ba0a019371",
"value": "ecolesndmessines.org"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b52b3-a030-462c-841c-68ba0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:58:59.000Z",
"modified": "2019-10-07T14:58:59.000Z",
"first_observed": "2019-10-07T14:58:59Z",
"last_observed": "2019-10-07T14:58:59Z",
"number_observed": 1,
"object_refs": [
"domain-name--5d9b52b3-a030-462c-841c-68ba0a019371"
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--5d9b52b3-a030-462c-841c-68ba0a019371",
"value": "salesappliances.com"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b52c4-6a88-4f09-8ce9-646f0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:59:16.000Z",
"modified": "2019-10-07T14:59:16.000Z",
"first_observed": "2019-10-07T14:59:16Z",
"last_observed": "2019-10-07T14:59:16Z",
"number_observed": 1,
"object_refs": [
"domain-name--5d9b52c4-6a88-4f09-8ce9-646f0a019371"
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--5d9b52c4-6a88-4f09-8ce9-646f0a019371",
"value": "busseylawoffice.com"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b52c4-44c0-421c-bbf8-646f0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:59:16.000Z",
"modified": "2019-10-07T14:59:16.000Z",
"first_observed": "2019-10-07T14:59:16Z",
"last_observed": "2019-10-07T14:59:16Z",
"number_observed": 1,
"object_refs": [
"domain-name--5d9b52c4-44c0-421c-bbf8-646f0a019371"
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--5d9b52c4-44c0-421c-bbf8-646f0a019371",
"value": "fairfieldsch.org"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b52c4-d48c-473f-a0f5-646f0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:59:16.000Z",
"modified": "2019-10-07T14:59:16.000Z",
"first_observed": "2019-10-07T14:59:16Z",
"last_observed": "2019-10-07T14:59:16Z",
"number_observed": 1,
"object_refs": [
"domain-name--5d9b52c4-d48c-473f-a0f5-646f0a019371"
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--5d9b52c4-d48c-473f-a0f5-646f0a019371",
"value": "ministernetwork.org"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b52c4-ac58-483f-9134-646f0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:59:16.000Z",
"modified": "2019-10-07T14:59:16.000Z",
"first_observed": "2019-10-07T14:59:16Z",
"last_observed": "2019-10-07T14:59:16Z",
"number_observed": 1,
"object_refs": [
"domain-name--5d9b52c4-ac58-483f-9134-646f0a019371"
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--5d9b52c4-ac58-483f-9134-646f0a019371",
"value": "skagenyoga.com"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b52c4-a184-4467-b8a8-646f0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:59:16.000Z",
"modified": "2019-10-07T14:59:16.000Z",
"first_observed": "2019-10-07T14:59:16Z",
"last_observed": "2019-10-07T14:59:16Z",
"number_observed": 1,
"object_refs": [
"domain-name--5d9b52c4-a184-4467-b8a8-646f0a019371"
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--5d9b52c4-a184-4467-b8a8-646f0a019371",
"value": "westmedicalgroup.net"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5d9b52d2-12f4-4be6-9e91-5c5f0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-07T14:59:30.000Z",
"modified": "2019-10-07T14:59:30.000Z",
"first_observed": "2019-10-07T14:59:30Z",
"last_observed": "2019-10-07T14:59:30Z",
"number_observed": 1,
"object_refs": [
"domain-name--5d9b52d2-12f4-4be6-9e91-5c5f0a019371"
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--5d9b52d2-12f4-4be6-9e91-5c5f0a019371",
"value": "bandabonga.fr"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5da6e0e8-c12c-42c3-a3c3-7b6a0a019371",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-23T18:24:04.000Z",
"modified": "2019-10-23T18:24:04.000Z",
"first_observed": "2019-10-23T18:24:04Z",
"last_observed": "2019-10-23T18:24:04Z",
"number_observed": 1,
"object_refs": [
"url--5da6e0e8-c12c-42c3-a3c3-7b6a0a019371"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5da6e0e8-c12c-42c3-a3c3-7b6a0a019371",
"value": "https://www.welivesecurity.com/wp-content/uploads/2019/10/ESET_Operation_Ghost_Dukes.pdf"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5da84c74-3a94-4f8d-87ee-2de0ac1d4fa4",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2021-06-01T13:10:01.000Z",
"modified": "2021-06-01T13:10:01.000Z",
"first_observed": "2021-06-01T13:10:01Z",
"last_observed": "2021-06-01T13:10:01Z",
"number_observed": 1,
"object_refs": [
"url--5da84c74-3a94-4f8d-87ee-2de0ac1d4fa4"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5da84c74-3a94-4f8d-87ee-2de0ac1d4fa4",
"value": "https://www.welivesecurity.com/2019/10/17/operation-ghost-dukes-never-left/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5da878f0-1300-4ce9-9e0a-2132ac1d4fa4",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-17T14:21:36.000Z",
"modified": "2019-10-17T14:21:36.000Z",
"description": "LiteDuke",
"pattern": "[network-traffic:extensions.'http-request-ext'.request_header.'User-Agent' = 'Mozilla/5.0 (Windows NT 6.2; WOW64; rv:23.0) Gecko/20100101 Firefox/23.0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-10-17T14:21:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"user-agent\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5da878f0-6e74-4476-8910-2132ac1d4fa4",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-17T14:21:36.000Z",
"modified": "2019-10-17T14:21:36.000Z",
"description": "LiteDuke",
"pattern": "[network-traffic:extensions.'http-request-ext'.request_header.'User-Agent' = 'Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.13(KHTML, like Gecko) Chrome/9.0.597.98 Safari/534.13']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-10-17T14:21:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"user-agent\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5da878f0-69d0-4357-b2b1-2132ac1d4fa4",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-17T14:21:36.000Z",
"modified": "2019-10-17T14:21:36.000Z",
"description": "LiteDuke",
"pattern": "[network-traffic:extensions.'http-request-ext'.request_header.'User-Agent' = 'Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US) AppleWebKit/533.19.4 (KHTML, like Gecko) Version/5.0.3 Safari/533.19.4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-10-17T14:21:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"user-agent\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5da878f0-6bd0-4eb2-9b79-2132ac1d4fa4",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-17T14:21:36.000Z",
"modified": "2019-10-17T14:21:36.000Z",
"description": "LiteDuke",
"pattern": "[network-traffic:extensions.'http-request-ext'.request_header.'User-Agent' = 'Opera/9.80 (Windows NT 5.1; U; en-US) Presto/2.7.62 Version/11.01']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-10-17T14:21:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"user-agent\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5da878f0-6990-4395-b64b-2132ac1d4fa4",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-17T14:21:36.000Z",
"modified": "2019-10-17T14:21:36.000Z",
"description": "LiteDuke",
"pattern": "[network-traffic:extensions.'http-request-ext'.request_header.'User-Agent' = 'Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729)']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-10-17T14:21:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"user-agent\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5da8705f-99a8-47bd-a02d-2180ac1d4fa4",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-17T13:45:03.000Z",
"modified": "2019-10-17T13:45:03.000Z",
"description": "FatDuke",
"pattern": "[network-traffic:extensions.'http-request-ext'.request_header.'User-Agent' = 'Mozilla/5.0 (Windows; Windows NT 6.1) AppleWebKit/534.57.2 (KHTML, like Gecko) Version/5.1.7 Safari/534.57.2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-10-17T13:45:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"user-agent\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5da8705f-7d18-4de8-b4e2-2180ac1d4fa4",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-17T13:45:03.000Z",
"modified": "2019-10-17T13:45:03.000Z",
"description": "FatDuke",
"pattern": "[network-traffic:extensions.'http-request-ext'.request_header.'User-Agent' = 'Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/37.0.2062.35 Safari/537.36 OPR/24.0.1558.21']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-10-17T13:45:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"user-agent\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5da8705f-fc2c-405f-80a4-2180ac1d4fa4",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2020-08-27T10:59:37.000Z",
"modified": "2020-08-27T10:59:37.000Z",
"labels": [
"misp:type=\"user-agent\"",
"misp:category=\"Network activity\""
],
"x_misp_category": "Network activity",
"x_misp_comment": "FatDuke",
"x_misp_type": "user-agent",
"x_misp_value": "Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0)"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5da8705f-daa8-4319-9aea-2180ac1d4fa4",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-17T13:45:03.000Z",
"modified": "2019-10-17T13:45:03.000Z",
"description": "FatDuke",
"pattern": "[network-traffic:extensions.'http-request-ext'.request_header.'User-Agent' = 'Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-10-17T13:45:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"user-agent\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5da86f11-6b00-48fc-9e42-2d68ac1d4fa4",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-17T13:43:34.000Z",
"modified": "2019-10-17T13:43:34.000Z",
"pattern": "[network-traffic:extensions.'http-request-ext'.request_header.'User-Agent' = 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:34.0) Gecko/20100101 Firefox/34.0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-10-17T13:43:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"user-agent\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5da86085-6120-4903-b787-5986ac1d4fa4",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-17T13:34:46.000Z",
"modified": "2019-10-17T13:34:46.000Z",
"pattern": "[network-traffic:extensions.'http-request-ext'.request_header.'User-Agent' = 'Mozilla/5.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; GTB7.4; InfoPath.2; SV1; .NET CLR 3.3.69573; WOW64; en-US)']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-10-17T13:34:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"user-agent\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5da8663d-be44-4698-9b1c-571cac1d4fa4",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-17T13:01:49.000Z",
"modified": "2019-10-17T13:01:49.000Z",
"pattern": "[windows-registry-key:key = 'HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\MSBuild\\\\4.0' AND windows-registry-key:values.data = 'MSBuildOverride-TasksPath']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-10-17T13:01:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"regkey|value\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5da8663d-1678-4340-85c8-571cac1d4fa4",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-17T13:01:49.000Z",
"modified": "2019-10-17T13:01:49.000Z",
"pattern": "[windows-registry-key:key = 'HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\MSBuild\\\\4.0' AND windows-registry-key:values.data = 'DefaultLibs']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-10-17T13:01:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"regkey|value\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5da8663d-2efc-4817-9207-571cac1d4fa4",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-17T13:01:49.000Z",
"modified": "2019-10-17T13:01:49.000Z",
"pattern": "[windows-registry-key:key = 'HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Intel\\\\MediaSDK\\\\Dispatch\\\\hw64-s1-1' AND windows-registry-key:values.data = 'RootPath']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-10-17T13:01:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"regkey|value\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5da8663d-5818-4164-bc18-571cac1d4fa4",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-17T13:01:49.000Z",
"modified": "2019-10-17T13:01:49.000Z",
"pattern": "[windows-registry-key:key = 'HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Intel\\\\MediaSDK\\\\Dispatch\\\\hw64-s1-1' AND windows-registry-key:values.data = 'APIModule']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-10-17T13:01:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"regkey|value\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5da8663d-ffa8-451d-84a2-571cac1d4fa4",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-17T13:01:49.000Z",
"modified": "2019-10-17T13:01:49.000Z",
"pattern": "[windows-registry-key:key = 'HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Intel\\\\MediaSDK\\\\Dispatch\\\\hw64-s1-1' AND windows-registry-key:values.data = 'Stack']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-10-17T13:01:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"regkey|value\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5da8663d-a774-43ec-8f0e-571cac1d4fa4",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-17T13:01:49.000Z",
"modified": "2019-10-17T13:01:49.000Z",
"pattern": "[windows-registry-key:key = 'HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Intel\\\\MediaSDK\\\\Dispatch\\\\0102' AND windows-registry-key:values.data = 'PathCPA']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-10-17T13:01:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"regkey|value\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5da8663d-d6bc-4d24-9bfa-571cac1d4fa4",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-17T13:01:49.000Z",
"modified": "2019-10-17T13:01:49.000Z",
"pattern": "[windows-registry-key:key = 'HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Intel\\\\MediaSDK\\\\Dispatch\\\\0102' AND windows-registry-key:values.data = 'CPAModule']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-10-17T13:01:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"regkey|value\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5da8663d-ca38-4e38-894a-571cac1d4fa4",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-17T13:01:49.000Z",
"modified": "2019-10-17T13:01:49.000Z",
"pattern": "[windows-registry-key:key = 'HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Microsoft\\\\MSBuild\\\\4.0' AND windows-registry-key:values.data = 'BinaryCache']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-10-17T13:01:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"regkey|value\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5da8663d-4f90-4517-a01f-571cac1d4fa4",
"created_by_ref": "identity--55f6ea5e-51ac-4344-bc8c-4170950d210f",
"created": "2019-10-17T13:01:49.000Z",
"modified": "2019-10-17T13:01:49.000Z",
"pattern": "[windows-registry-key:key = 'HKEY_LOCAL_MACHINE\\\\SOFTWARE\\\\Intel\\\\MediaSDK\\\\Dispatch\\\\0102' AND windows-registry-key:values.data = 'Init']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-10-17T13:01:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"regkey|value\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink