misp-circl-feed/feeds/circl/stix-2.1/58b87da8-48a4-4d5a-aac4-6a4902de0b81.json

{
    "type": "bundle",
    "id": "bundle--58b87da8-48a4-4d5a-aac4-6a4902de0b81",
    "objects": [
        {
            "type": "identity",
            "spec_version": "2.1",
            "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "name": "CIRCL",
            "identity_class": "organization"
        },
        {
            "type": "report",
            "spec_version": "2.1",
            "id": "report--58b87da8-48a4-4d5a-aac4-6a4902de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "name": "OSINT - Covert Channels and Poor Decisions: The Tale of DNSMessenger",
            "published": "2017-03-02T20:28:06Z",
            "object_refs": [
                "observed-data--58b87db6-8774-454e-ab1a-2dd902de0b81",
                "url--58b87db6-8774-454e-ab1a-2dd902de0b81",
                "x-misp-attribute--58b87df0-5704-44fe-b7d4-6a4602de0b81",
                "indicator--58b87e78-26c4-4fa2-a480-8f4002de0b81",
                "indicator--58b87e79-0958-4a3f-968e-8f4002de0b81",
                "indicator--58b87e79-24f4-4105-b0a4-8f4002de0b81",
                "indicator--58b87e7a-a9f0-4a9a-9f4d-8f4002de0b81",
                "indicator--58b87e7b-5108-48c3-b27f-8f4002de0b81",
                "indicator--58b87e7c-0ef0-46b1-940c-8f4002de0b81",
                "indicator--58b87e7d-ee4c-4054-81c5-8f4002de0b81",
                "indicator--58b87e7d-08c8-4a2d-96cc-8f4002de0b81",
                "indicator--58b87e7e-73f4-4cff-b172-8f4002de0b81",
                "indicator--58b87e7f-a214-44a6-aae4-8f4002de0b81",
                "indicator--58b87e80-3d70-4f37-a57d-8f4002de0b81",
                "indicator--58b87e81-5be8-46fc-99e2-8f4002de0b81",
                "indicator--58b87e81-de60-44f5-85e5-8f4002de0b81",
                "indicator--58b87e82-c338-48bd-b4a7-8f4002de0b81",
                "indicator--58b87e83-e494-46c4-bf87-8f4002de0b81",
                "indicator--58b87e84-2964-4fe4-8d8a-8f4002de0b81",
                "indicator--58b87e84-7590-45f7-8a16-8f4002de0b81",
                "indicator--58b87e85-23e8-401c-97b1-8f4002de0b81",
                "indicator--58b87e86-4410-4101-b9e8-8f4002de0b81",
                "indicator--58b87e87-4ddc-4d91-b1ae-8f4002de0b81",
                "indicator--58b87e88-b9b0-4965-ab9d-8f4002de0b81",
                "indicator--58b87e89-1588-449c-b7a8-8f4002de0b81",
                "indicator--58b87e8a-21f0-4663-b163-8f4002de0b81",
                "indicator--58b87e8a-0674-4903-bb8c-8f4002de0b81",
                "indicator--58b87e8b-b7e0-400d-a030-8f4002de0b81",
                "indicator--58b87e8c-67a4-4b8e-b84c-8f4002de0b81",
                "indicator--58b87e8d-35e8-4980-b3f3-8f4002de0b81",
                "indicator--58b87e8e-9db8-4954-8f57-8f4002de0b81",
                "indicator--58b87e8f-2cb0-480f-9869-8f4002de0b81",
                "indicator--58b87e8f-861c-43b8-ad24-8f4002de0b81",
                "indicator--58b87e90-3cdc-417c-b4e5-8f4002de0b81",
                "indicator--58b87e91-a690-4963-a30b-8f4002de0b81",
                "indicator--58b87e92-25b4-47cd-8982-8f4002de0b81",
                "indicator--58b87e93-86ac-47b7-9dd4-8f4002de0b81",
                "indicator--58b87e93-97fc-464a-9bbf-8f4002de0b81",
                "indicator--58b87e94-58f8-493e-a144-8f4002de0b81",
                "indicator--58b87e95-f168-48e2-b43b-8f4002de0b81",
                "indicator--58b87e96-5248-4011-a7c8-8f4002de0b81",
                "indicator--58b87e97-3d70-4e71-92b7-8f4002de0b81",
                "indicator--58b87e97-aeec-4ffe-83eb-8f4002de0b81",
                "indicator--58b87e98-68a0-4b0b-b491-8f4002de0b81",
                "indicator--58b87e99-fba8-4faa-b4d0-8f4002de0b81",
                "indicator--58b87e9a-c284-456c-aa81-8f4002de0b81",
                "indicator--58b87e9b-cfa4-4fe2-b0e8-8f4002de0b81",
                "indicator--58b87e9b-877c-4cec-ae71-8f4002de0b81",
                "indicator--58b87e9c-38b0-4ca0-8d8f-8f4002de0b81",
                "indicator--58b87e9d-74a0-48a5-b2d6-8f4002de0b81",
                "indicator--58b87e9e-d600-4f19-a550-8f4002de0b81",
                "indicator--58b87e9e-61f0-4771-9821-8f4002de0b81",
                "indicator--58b87e9f-cb2c-4a1b-9bbe-8f4002de0b81",
                "indicator--58b87ea0-d238-46f9-80bb-8f4002de0b81",
                "indicator--58b87ea1-6560-4f24-b0b8-8f4002de0b81",
                "indicator--58b87ea2-4a08-41dd-9c2c-8f4002de0b81",
                "indicator--58b87ea2-0c50-471f-8b4d-8f4002de0b81",
                "indicator--58b87ea3-73a4-4c2f-a34b-8f4002de0b81",
                "indicator--58b87ea4-e380-4d3d-9277-8f4002de0b81",
                "indicator--58b87ea5-a9b0-45f8-8cda-8f4002de0b81",
                "indicator--58b87ea5-da44-4ac9-87a0-8f4002de0b81",
                "indicator--58b87ea6-a0d8-4a90-958f-8f4002de0b81",
                "indicator--58b87ea7-b008-4bb4-80b4-8f4002de0b81",
                "indicator--58b87ea8-0db8-4112-857a-8f4002de0b81",
                "indicator--58b87ea8-9980-4a6c-ace8-8f4002de0b81",
                "indicator--58b87ea9-225c-4a77-992d-8f4002de0b81",
                "indicator--58b87eaa-9944-4f95-aecf-8f4002de0b81",
                "indicator--58b87eab-9d14-48fe-b3f7-8f4002de0b81",
                "indicator--58b87eab-d524-4fca-a7a7-8f4002de0b81",
                "indicator--58b87eac-2c28-4ec3-9f3f-8f4002de0b81",
                "indicator--58b87ead-59f4-480d-87ca-8f4002de0b81",
                "indicator--58b87eae-d0fc-4dbe-8a51-8f4002de0b81",
                "indicator--58b87eaf-3988-4424-a389-8f4002de0b81",
                "indicator--58b87eaf-a818-4b93-b966-8f4002de0b81",
                "indicator--58b87eb0-0ebc-4bcc-a66e-8f4002de0b81",
                "indicator--58b87eb1-15ec-4357-bc6d-8f4002de0b81",
                "indicator--58b87eb2-c7a8-4cd1-ac01-8f4002de0b81",
                "indicator--58b87eb2-3610-42df-bbdd-8f4002de0b81",
                "indicator--58b87eb3-c584-4fe6-b141-8f4002de0b81",
                "indicator--58b87eb4-dfa4-4e06-85c6-8f4002de0b81",
                "indicator--58b87eb5-1138-4f3c-8f7f-8f4002de0b81",
                "indicator--58b87eb6-950c-4a97-b42a-8f4002de0b81",
                "indicator--58b87eb6-4c24-4321-a77b-8f4002de0b81",
                "indicator--58b87eb7-38cc-453c-832e-8f4002de0b81",
                "indicator--58b87eb8-b2c0-4214-8c65-8f4002de0b81",
                "indicator--58b87eb9-6d38-405d-b05d-8f4002de0b81",
                "indicator--58b87eb9-d8a8-4753-89a9-8f4002de0b81",
                "indicator--58b87eba-8b4c-4608-a395-8f4002de0b81",
                "indicator--58b87ebb-7b9c-4e79-a1b5-8f4002de0b81",
                "indicator--58b87ebc-5564-48af-9304-8f4002de0b81",
                "indicator--58b87ebc-4aec-4a49-a5a0-8f4002de0b81",
                "indicator--58b87ebd-347c-4a05-9d2c-8f4002de0b81",
                "indicator--58b87ebe-ce74-4024-a4eb-8f4002de0b81",
                "indicator--58b87ebf-f4e8-4a83-9cd8-8f4002de0b81",
                "indicator--58b87ec0-d6b0-42d4-9fbb-8f4002de0b81",
                "indicator--58b87ec0-42a4-4aa0-b97d-8f4002de0b81",
                "indicator--58b87ec1-1064-46cf-a8d5-8f4002de0b81",
                "indicator--58b87ec2-5ed0-4a32-bd1e-8f4002de0b81",
                "indicator--58b87ec3-f038-4ef5-90b8-8f4002de0b81",
                "indicator--58b87ec3-d94c-4d9b-82f7-8f4002de0b81",
                "indicator--58b87ec4-382c-4a96-86cd-8f4002de0b81",
                "indicator--58b87ec5-ff3c-4686-ba6e-8f4002de0b81",
                "indicator--58b87ec6-bce8-4e91-a37b-8f4002de0b81",
                "indicator--58b87ec6-71f4-4112-9c60-8f4002de0b81",
                "indicator--58b87ec7-61c4-4800-a823-8f4002de0b81",
                "indicator--58b87ec8-aecc-4f47-b6c6-8f4002de0b81",
                "indicator--58b87ec9-eb9c-4d2b-ae64-8f4002de0b81",
                "indicator--58b87eca-1754-4592-aa90-8f4002de0b81",
                "indicator--58b87eca-23bc-41ce-ba8e-8f4002de0b81",
                "indicator--58b87eea-829c-4521-b0e5-40a602de0b81",
                "indicator--58b87eea-3e70-4b6e-b1db-4cca02de0b81",
                "indicator--58b87eeb-7138-493f-bb6b-4deb02de0b81",
                "indicator--58b87eec-29c8-4475-aecc-4fd602de0b81",
                "indicator--58b87eed-ba54-4625-a560-4c1602de0b81",
                "indicator--58b87eee-0408-450a-ab00-40fe02de0b81",
                "indicator--58b87eee-a180-45b6-bad1-464b02de0b81",
                "indicator--58b87eef-411c-471f-9770-485f02de0b81",
                "indicator--58b87f91-bc74-4999-b3c5-6a4902de0b81",
                "indicator--58b87f92-5c4c-45ca-85a5-6a4902de0b81",
                "observed-data--58b87f93-8fec-42ec-9055-6a4902de0b81",
                "url--58b87f93-8fec-42ec-9055-6a4902de0b81"
            ],
            "labels": [
                "Threat-Report",
                "misp:tool=\"MISP-STIX-Converter\""
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--58b87db6-8774-454e-ab1a-2dd902de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "first_observed": "2017-03-02T20:24:53Z",
            "last_observed": "2017-03-02T20:24:53Z",
            "number_observed": 1,
            "object_refs": [
                "url--58b87db6-8774-454e-ab1a-2dd902de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\"",
                "admiralty-scale:source-reliability=\"b\"",
                "osint:source-type=\"blog-post\""
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--58b87db6-8774-454e-ab1a-2dd902de0b81",
            "value": "http://blog.talosintelligence.com/2017/03/dnsmessenger.html"
        },
        {
            "type": "x-misp-attribute",
            "spec_version": "2.1",
            "id": "x-misp-attribute--58b87df0-5704-44fe-b7d4-6a4602de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "labels": [
                "misp:type=\"text\"",
                "misp:category=\"External analysis\"",
                "admiralty-scale:source-reliability=\"b\"",
                "osint:source-type=\"blog-post\""
            ],
            "object_marking_refs": [
                "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
            ],
            "x_misp_category": "External analysis",
            "x_misp_type": "text",
            "x_misp_value": "The Domain Name System (DNS) is one of the most commonly used Internet application protocols on corporate networks. It is responsible for providing name resolution so that network resources can be accessed by name, rather than requiring users to memorize IP addresses. While many organizations implement strict egress filtering as it pertains to web traffic, firewall rules, etc. many have less stringent controls in place to protect against DNS based threats. Attackers have recognized this and commonly encapsulate different network protocols within DNS to evade security devices.\r\n\r\nTypically this use of DNS is related to the exfiltration of information. Talos recently analyzed an interesting malware sample that made use of DNS TXT record queries and responses to create a bidirectional Command and Control (C2) channel. This allows the attacker to use DNS communications to submit new commands to be run on infected machines and return the results of the command execution to the attacker. This is an extremely uncommon and evasive way of administering a RAT. The use of multiple stages of Powershell with various stages being completely fileless indicates an attacker who has taken significant measures to avoid detection."
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e78-26c4-4fa2-a480-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'algew.me']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e79-0958-4a3f-968e-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'aloqd.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e79-24f4-4105-b0a4-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'bpee.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e7a-a9f0-4a9a-9f4d-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'bvyv.club']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e7b-5108-48c3-b27f-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'bwuk.club']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e7c-0ef0-46b1-940c-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'cgqy.us']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e7d-ee4c-4054-81c5-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'cihr.site']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e7d-08c8-4a2d-96cc-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'ckwl.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e7e-73f4-4cff-b172-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'cnmah.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e7f-a214-44a6-aae4-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'coec.club']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e80-3d70-4f37-a57d-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'cuuo.us']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e81-5be8-46fc-99e2-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'daskd.me']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e81-de60-44f5-85e5-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'dbxa.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e82-c338-48bd-b4a7-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'dlex.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e83-e494-46c4-bf87-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'doof.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e84-2964-4fe4-8d8a-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'dtxf.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e84-7590-45f7-8a16-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'dvso.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e85-23e8-401c-97b1-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'dyiud.com']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e86-4410-4101-b9e8-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'eady.club']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e87-4ddc-4d91-b1ae-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'enuv.club']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e88-b9b0-4965-ab9d-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'eter.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e89-1588-449c-b7a8-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'fbjz.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e8a-21f0-4663-b163-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'fhyi.club']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e8a-0674-4903-bb8c-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'futh.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e8b-b7e0-400d-a030-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'gjcu.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e8c-67a4-4b8e-b84c-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'gjuc.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e8d-35e8-4980-b3f3-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'gnoa.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e8e-9db8-4954-8f57-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'grij.us']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e8f-2cb0-480f-9869-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'gxhp.top']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e8f-861c-43b8-ad24-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'hvzr.info']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e90-3cdc-417c-b4e5-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'idjb.us']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e91-a690-4963-a30b-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'ihrs.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e92-25b4-47cd-8982-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'jimw.club']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e93-86ac-47b7-9dd4-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'jomp.site']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e93-97fc-464a-9bbf-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'jxhv.site']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e94-58f8-493e-a144-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'kjke.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e95-f168-48e2-b43b-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'kshv.site']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e96-5248-4011-a7c8-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'kwoe.us']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e97-3d70-4e71-92b7-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'ldzp.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e97-aeec-4ffe-83eb-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'lhlv.club']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e98-68a0-4b0b-b491-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'lnoy.site']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e99-fba8-4faa-b4d0-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'lvrm.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e9a-c284-456c-aa81-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'lvxf.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e9b-cfa4-4fe2-b0e8-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'mewt.us']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e9b-877c-4cec-ae71-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'mfka.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e9c-38b0-4ca0-8d8f-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'mjet.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e9d-74a0-48a5-b2d6-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'mjut.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e9e-d600-4f19-a550-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'mvze.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e9e-61f0-4771-9821-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'mxfg.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87e9f-cb2c-4a1b-9bbe-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'nroq.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87ea0-d238-46f9-80bb-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'nwrr.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87ea1-6560-4f24-b0b8-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'nxpu.site']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87ea2-4a08-41dd-9c2c-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'oaax.site']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87ea2-0c50-471f-8b4d-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'odwf.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87ea3-73a4-4c2f-a34b-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'odyr.us']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87ea4-e380-4d3d-9277-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'okiq.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87ea5-a9b0-45f8-8cda-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'oknz.club']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87ea5-da44-4ac9-87a0-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'ooep.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87ea6-a0d8-4a90-958f-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'ooyh.us']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87ea7-b008-4bb4-80b4-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'otzd.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87ea8-0db8-4112-857a-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'oxrp.info']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87ea8-9980-4a6c-ace8-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'oyaw.club']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87ea9-225c-4a77-992d-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'pafk.us']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87eaa-9944-4f95-aecf-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'palj.us']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87eab-9d14-48fe-b3f7-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'pbbk.us']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87eab-d524-4fca-a7a7-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'ppdx.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87eac-2c28-4ec3-9f3f-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'pvze.club']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87ead-59f4-480d-87ca-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'qefg.info']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87eae-d0fc-4dbe-8a51-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'qlpa.club']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87eaf-3988-4424-a389-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'qznm.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87eaf-a818-4b93-b966-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'reld.info']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87eb0-0ebc-4bcc-a66e-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'rnkj.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87eb1-15ec-4357-bc6d-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'rzzc.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87eb2-c7a8-4cd1-ac01-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'sgvt.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87eb2-3610-42df-bbdd-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'soru.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87eb3-c584-4fe6-b141-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'swio.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87eb4-dfa4-4e06-85c6-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'tijm.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87eb5-1138-4f3c-8f7f-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'tsrs.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87eb6-950c-4a97-b42a-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'turp.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87eb6-4c24-4321-a77b-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'ueox.club']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87eb7-38cc-453c-832e-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'ufyb.club']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87eb8-b2c0-4214-8c65-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'utca.site']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87eb9-6d38-405d-b05d-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'vdfe.site']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87eb9-d8a8-4753-89a9-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'vjro.club']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87eba-8b4c-4608-a395-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'vkpo.us']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87ebb-7b9c-4e79-a1b5-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'vpua.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87ebc-5564-48af-9304-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'vqba.info']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87ebc-4aec-4a49-a5a0-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'vwcq.us']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87ebd-347c-4a05-9d2c-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'vxqt.us']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87ebe-ce74-4024-a4eb-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'vxwy.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87ebf-f4e8-4a83-9cd8-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'wfsv.us']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87ec0-d6b0-42d4-9fbb-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'wqiy.info']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87ec0-42a4-4aa0-b97d-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'wvzu.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87ec1-1064-46cf-a8d5-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'xhqd.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87ec2-5ed0-4a32-bd1e-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'yamd.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87ec3-f038-4ef5-90b8-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'yedq.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87ec3-d94c-4d9b-82f7-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'yqox.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87ec4-382c-4a96-86cd-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'ysxy.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87ec5-ff3c-4686-ba6e-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'zcnt.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87ec6-bce8-4e91-a37b-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'zdqp.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87ec6-71f4-4112-9c60-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'zjav.us']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87ec7-61c4-4800-a823-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'zjvz.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87ec8-aecc-4f47-b6c6-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'zmyo.club']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87ec9-eb9c-4d2b-ae64-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'zody.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87eca-1754-4592-aa90-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'zugh.us']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87eca-23bc-41ce-ba8e-8f4002de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "description": "C2 Domains:",
            "pattern": "[domain-name:value = 'cspg.pw']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Network activity"
                }
            ],
            "labels": [
                "misp:type=\"domain\"",
                "misp:category=\"Network activity\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87eea-829c-4521-b0e5-40a602de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "pattern": "[file:hashes.SHA256 = 'f9e54609f1f4136da71dbab8f57c2e68e84bcdc32a58cc12ad5f86334ac0eacf']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87eea-3e70-4b6e-b1db-4cca02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "pattern": "[file:hashes.SHA256 = 'f82baa39ba44d9b356eb5d904917ad36446083f29dced8c5b34454955da89174']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87eeb-7138-493f-bb6b-4deb02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "pattern": "[file:hashes.SHA256 = '340795d1f2c2bdab1f2382188a7b5c838e0a79d3f059d2db9eb274b0205f6981']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87eec-29c8-4475-aecc-4fd602de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "pattern": "[file:hashes.SHA256 = '7f0a314f15a6f20ca6dced545fbc9ef8c1634f9ff8eb736deab73e46ae131458']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87eed-ba54-4625-a560-4c1602de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "pattern": "[file:hashes.SHA256 = 'be5f4bfa35fc1b350d38d8ddc8e88d2dd357b84f254318b1f3b07160c3900750']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87eee-0408-450a-ab00-40fe02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "pattern": "[file:hashes.SHA256 = '9b955d9d7f62d405da9cf05425c9b6dd3738ce09160c8a75d396a6de229d9dd7']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87eee-a180-45b6-bad1-464b02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "pattern": "[file:hashes.SHA256 = 'fd6e7fc11a325c498d73cf683ecbe90ddbf0e1ae1d540b811012bd6980eed882']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87eef-411c-471f-9770-485f02de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:53.000Z",
            "modified": "2017-03-02T20:24:53.000Z",
            "pattern": "[file:hashes.SHA256 = '6bf9d311ed16e059f9538b4c24c836cf421cf5c0c1f756fdfdeb9e1792ada8ba']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:53Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha256\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87f91-bc74-4999-b3c5-6a4902de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:49.000Z",
            "modified": "2017-03-02T20:24:49.000Z",
            "description": "- Xchecked via VT: 340795d1f2c2bdab1f2382188a7b5c838e0a79d3f059d2db9eb274b0205f6981",
            "pattern": "[file:hashes.SHA1 = 'd00225d485c597bea712e7c7baa4fba7d7f281e3']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:49Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"sha1\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "indicator",
            "spec_version": "2.1",
            "id": "indicator--58b87f92-5c4c-45ca-85a5-6a4902de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:50.000Z",
            "modified": "2017-03-02T20:24:50.000Z",
            "description": "- Xchecked via VT: 340795d1f2c2bdab1f2382188a7b5c838e0a79d3f059d2db9eb274b0205f6981",
            "pattern": "[file:hashes.MD5 = '2abad0ae32dd72bac5da0af1e580a2eb']",
            "pattern_type": "stix",
            "pattern_version": "2.1",
            "valid_from": "2017-03-02T20:24:50Z",
            "kill_chain_phases": [
                {
                    "kill_chain_name": "misp-category",
                    "phase_name": "Payload delivery"
                }
            ],
            "labels": [
                "misp:type=\"md5\"",
                "misp:category=\"Payload delivery\"",
                "misp:to_ids=\"True\""
            ]
        },
        {
            "type": "observed-data",
            "spec_version": "2.1",
            "id": "observed-data--58b87f93-8fec-42ec-9055-6a4902de0b81",
            "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
            "created": "2017-03-02T20:24:51.000Z",
            "modified": "2017-03-02T20:24:51.000Z",
            "first_observed": "2017-03-02T20:24:51Z",
            "last_observed": "2017-03-02T20:24:51Z",
            "number_observed": 1,
            "object_refs": [
                "url--58b87f93-8fec-42ec-9055-6a4902de0b81"
            ],
            "labels": [
                "misp:type=\"link\"",
                "misp:category=\"External analysis\""
            ]
        },
        {
            "type": "url",
            "spec_version": "2.1",
            "id": "url--58b87f93-8fec-42ec-9055-6a4902de0b81",
            "value": "https://www.virustotal.com/file/340795d1f2c2bdab1f2382188a7b5c838e0a79d3f059d2db9eb274b0205f6981/analysis/1488479981/"
        },
        {
            "type": "marking-definition",
            "spec_version": "2.1",
            "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
            "created": "2017-01-20T00:00:00.000Z",
            "definition_type": "tlp",
            "name": "TLP:WHITE",
            "definition": {
                "tlp": "white"
            }
        }
    ]
}