misp-circl-feed/feeds/circl/misp/560c0a37-28c4-4654-a507-6221950d210b.json

3125 lines
No EOL
128 KiB
JSON

{
"type": "bundle",
"id": "bundle--560c0a37-28c4-4654-a507-6221950d210b",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-01T06:18:28.000Z",
"modified": "2015-10-01T06:18:28.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--560c0a37-28c4-4654-a507-6221950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-01T06:18:28.000Z",
"modified": "2015-10-01T06:18:28.000Z",
"name": "OSINT Dyreza Campaigners Set Sights on the Fulfillment and Warehousing Industry by ProofPoint",
"published": "2015-10-01T06:18:34Z",
"object_refs": [
"observed-data--560c0a4d-4754-4dba-a7df-2c1b950d210b",
"url--560c0a4d-4754-4dba-a7df-2c1b950d210b",
"indicator--560c0a9b-b39c-4a64-a56d-801c950d210b",
"indicator--560c0a9b-1554-4f61-a857-801c950d210b",
"indicator--560c0a9c-b960-4867-bba4-801c950d210b",
"indicator--560c0a9c-ea60-4aff-961a-801c950d210b",
"indicator--560c0a9c-c834-48c8-8e29-801c950d210b",
"indicator--560c0a9d-66f8-4597-bc7c-801c950d210b",
"indicator--560c0a9d-2eac-4c54-93b0-801c950d210b",
"indicator--560c0a9e-a340-4017-891b-801c950d210b",
"indicator--560c0a9e-ceac-4366-a142-801c950d210b",
"indicator--560c0a9f-5270-4277-818b-801c950d210b",
"indicator--560c0a9f-a68c-4d13-a607-801c950d210b",
"indicator--560c0aa0-1b10-43f0-9689-801c950d210b",
"indicator--560c0aa0-6f24-49b1-8dc0-801c950d210b",
"indicator--560c0aa0-9d08-4bc0-9487-801c950d210b",
"indicator--560c0aa1-83c4-4fbd-90e2-801c950d210b",
"indicator--560c0aa1-9190-4a79-8979-801c950d210b",
"indicator--560c0aa2-f1a4-4edd-a8d8-801c950d210b",
"indicator--560c0aa2-4b28-498a-8433-801c950d210b",
"indicator--560c0aa3-70c8-4791-80de-801c950d210b",
"indicator--560c0aa3-bdf0-4eff-9160-801c950d210b",
"indicator--560c0aa4-b060-4b9f-8297-801c950d210b",
"indicator--560c0aa4-0fbc-4ca1-b74a-801c950d210b",
"indicator--560c0aa5-c49c-4ce8-a8df-801c950d210b",
"indicator--560c0aa5-6acc-4924-aa38-801c950d210b",
"indicator--560c0aa6-6c64-431a-8afe-801c950d210b",
"indicator--560c0aa6-4868-4b4e-85e9-801c950d210b",
"indicator--560c0aa6-d4d4-408a-9f3f-801c950d210b",
"indicator--560c0aa7-d1b0-43a5-a905-801c950d210b",
"indicator--560c0aa7-6848-4ee5-9534-801c950d210b",
"indicator--560c0aa8-92e4-412b-ae18-801c950d210b",
"indicator--560c0aa8-a680-4744-905c-801c950d210b",
"indicator--560c0aa9-9888-4b5f-ae4e-801c950d210b",
"indicator--560c0aa9-8028-4576-953d-801c950d210b",
"indicator--560c0aaa-70fc-4fa8-a7b5-801c950d210b",
"indicator--560c0aaa-dfd0-454c-9f49-801c950d210b",
"indicator--560c0aab-a3f8-4236-9967-801c950d210b",
"indicator--560c0aab-4824-4614-97a9-801c950d210b",
"indicator--560c0aab-e19c-45ed-b835-801c950d210b",
"indicator--560c0aac-a130-4e36-a00f-801c950d210b",
"indicator--560c0aac-41fc-40db-8812-801c950d210b",
"indicator--560c0aad-8850-4d43-bb12-801c950d210b",
"indicator--560c0aad-a9c8-4ae4-82dc-801c950d210b",
"indicator--560c0aae-8180-44b7-800e-801c950d210b",
"indicator--560c0aae-afd8-4650-b899-801c950d210b",
"indicator--560c0aaf-92ac-448e-bb33-801c950d210b",
"indicator--560c0aaf-03cc-4af8-b00d-801c950d210b",
"indicator--560c0aaf-5834-4a02-a437-801c950d210b",
"indicator--560c0ab0-609c-414a-abe8-801c950d210b",
"indicator--560c0ab0-85b0-4233-9207-801c950d210b",
"indicator--560c0ab1-69c4-4bbe-bb56-801c950d210b",
"indicator--560c0ab1-fab0-4457-bde2-801c950d210b",
"indicator--560c0ab2-a508-48fa-94b6-801c950d210b",
"indicator--560c0ab2-c948-470c-9b77-801c950d210b",
"indicator--560c0ab3-19e8-49b0-8875-801c950d210b",
"indicator--560c0ab3-1dbc-4039-9443-801c950d210b",
"indicator--560c0ab3-f48c-4f43-abcb-801c950d210b",
"indicator--560c0b02-f7f8-4999-af1e-8024950d210b",
"indicator--560c0b03-76f0-4bd6-8b4a-8024950d210b",
"indicator--560c0b03-0800-4f9f-b294-8024950d210b",
"indicator--560c0b04-57f4-47e2-bb55-8024950d210b",
"indicator--560c0b04-a9c0-4ca8-915e-8024950d210b",
"indicator--560c0b04-a4e4-4ce0-9025-8024950d210b",
"indicator--560c0b05-e784-4dda-b82c-8024950d210b",
"indicator--560c0b05-a2d0-4696-b25c-8024950d210b",
"indicator--560c0b06-0388-40ca-a336-8024950d210b",
"indicator--560c0b07-f714-4b6c-a235-8024950d210b",
"indicator--560c0b07-bd58-456f-b9e2-8024950d210b",
"indicator--560c0b08-a104-4bef-9481-8024950d210b",
"indicator--560c0b09-5148-4e3a-9f4b-8024950d210b",
"indicator--560c0b0a-1250-40a9-ae80-8024950d210b",
"indicator--560c0b0a-21f4-41ca-b5ce-8024950d210b",
"indicator--560c0b0b-5338-4e84-b53d-8024950d210b",
"indicator--560c0b0c-9668-4567-b5f4-8024950d210b",
"indicator--560c0b0d-bb78-4575-98b9-8024950d210b",
"indicator--560c0b0e-86c0-4048-8088-8024950d210b",
"indicator--560c0b0e-828c-4788-8943-8024950d210b",
"indicator--560c0b0f-df50-4d35-b4a2-8024950d210b",
"indicator--560c0b10-3a08-4c66-84c1-8024950d210b",
"indicator--560c0b11-06a8-4aea-8b4c-8024950d210b",
"indicator--560c0b11-cd30-4183-b9c1-8024950d210b",
"indicator--560c0b12-caf8-4c72-ab6c-8024950d210b",
"indicator--560c0b13-ffac-4387-9f80-8024950d210b",
"indicator--560c0b14-5d18-4170-8182-8024950d210b",
"indicator--560c0b15-307c-4f97-b64d-8024950d210b",
"indicator--560c0b15-03c8-48e1-8392-8024950d210b",
"indicator--560c0b16-f550-4758-b165-8024950d210b",
"indicator--560c0b17-a588-4fbb-9572-8024950d210b",
"indicator--560c0b18-83a0-42fb-b0fd-8024950d210b",
"indicator--560c0b18-3f74-43cc-a026-8024950d210b",
"indicator--560c0b19-6be8-418b-8b24-8024950d210b",
"indicator--560c0b1a-d270-4ff2-92ac-8024950d210b",
"indicator--560c0b1b-1d5c-4876-9844-8024950d210b",
"indicator--560c0b1c-a6fc-43c7-86ff-8024950d210b",
"indicator--560c0b1c-fd24-4dd2-8b62-8024950d210b",
"indicator--560c0b1d-6db0-45ec-bdf4-8024950d210b",
"indicator--560c0b1e-2c10-46ae-9acb-8024950d210b",
"indicator--560c0b1f-d05c-4a90-8795-8024950d210b",
"indicator--560c0b1f-cd5c-45ab-9ce3-8024950d210b",
"indicator--560c0b20-f104-4d39-898b-8024950d210b",
"indicator--560c0b21-2ffc-46a6-ba4b-8024950d210b",
"indicator--560c0b22-f4fc-4ca4-884d-8024950d210b",
"indicator--560c0b23-a3ec-48d8-9a95-8024950d210b",
"indicator--560c0b51-2b14-448e-802c-801c950d210b",
"indicator--560c0b52-a140-4534-9cb3-801c950d210b",
"indicator--560c0b52-4d9c-4f09-b8b8-801c950d210b",
"indicator--560c0b6d-66a0-41c0-ad3c-8023950d210b",
"indicator--560c0b6d-de34-454b-bc5a-8023950d210b",
"indicator--560c0b6e-a818-4f1a-9e3f-8023950d210b",
"indicator--560c0ba9-0474-43a7-ab02-6789950d210b",
"indicator--560c0ba9-e23c-44cf-9560-6789950d210b",
"indicator--560c0baa-9064-4a68-a023-6789950d210b",
"indicator--560c0baa-58c4-4165-bc49-6789950d210b",
"indicator--560c0bab-13a4-4976-864d-6789950d210b",
"indicator--560cd020-8424-4fee-a01c-6221950d210b",
"indicator--560cd020-0a68-4277-860c-6221950d210b",
"observed-data--560cd021-3128-418d-8394-6221950d210b",
"url--560cd021-3128-418d-8394-6221950d210b",
"indicator--560cd021-7c28-437c-bb92-6221950d210b",
"indicator--560cd022-6bd8-4997-8302-6221950d210b",
"observed-data--560cd022-fc14-4020-8e06-6221950d210b",
"url--560cd022-fc14-4020-8e06-6221950d210b",
"indicator--560cd023-2e7c-46a8-8597-6221950d210b",
"indicator--560cd023-f5b0-45c7-ac21-6221950d210b",
"observed-data--560cd024-91ac-4d95-a274-6221950d210b",
"url--560cd024-91ac-4d95-a274-6221950d210b"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--560c0a4d-4754-4dba-a7df-2c1b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:14:05.000Z",
"modified": "2015-09-30T16:14:05.000Z",
"first_observed": "2015-09-30T16:14:05Z",
"last_observed": "2015-09-30T16:14:05Z",
"number_observed": 1,
"object_refs": [
"url--560c0a4d-4754-4dba-a7df-2c1b950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--560c0a4d-4754-4dba-a7df-2c1b950d210b",
"value": "https://www.proofpoint.com/us/threat-insight/post/Dyreza-Campaigners-Sights-On-Fulfillment-Warehousing-Industry"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0a9b-b39c-4a64-a56d-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:23.000Z",
"modified": "2015-09-30T16:15:23.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '67.221.147.103']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0a9b-1554-4f61-a857-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:23.000Z",
"modified": "2015-09-30T16:15:23.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '67.221.156.105']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0a9c-b960-4867-bba4-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:23.000Z",
"modified": "2015-09-30T16:15:23.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '78.8.174.25']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0a9c-ea60-4aff-961a-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:24.000Z",
"modified": "2015-09-30T16:15:24.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.154.106.76']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0a9c-c834-48c8-8e29-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:24.000Z",
"modified": "2015-09-30T16:15:24.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.252.48.79']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0a9d-66f8-4597-bc7c-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:25.000Z",
"modified": "2015-09-30T16:15:25.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.182.101.2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0a9d-2eac-4c54-93b0-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:25.000Z",
"modified": "2015-09-30T16:15:25.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '78.8.9.55']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0a9e-a340-4017-891b-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:26.000Z",
"modified": "2015-09-30T16:15:26.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.74.84.55']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0a9e-ceac-4366-a142-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:26.000Z",
"modified": "2015-09-30T16:15:26.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.232.45.149']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0a9f-5270-4277-818b-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:27.000Z",
"modified": "2015-09-30T16:15:27.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.232.45.40']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0a9f-a68c-4d13-a607-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:27.000Z",
"modified": "2015-09-30T16:15:27.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '67.221.156.165']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0aa0-1b10-43f0-9689-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:28.000Z",
"modified": "2015-09-30T16:15:28.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.161.51.115']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0aa0-6f24-49b1-8dc0-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:28.000Z",
"modified": "2015-09-30T16:15:28.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.87.63.98']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0aa0-9d08-4bc0-9487-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:28.000Z",
"modified": "2015-09-30T16:15:28.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '114.30.73.130']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0aa1-83c4-4fbd-90e2-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:29.000Z",
"modified": "2015-09-30T16:15:29.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '115.119.250.245']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0aa1-9190-4a79-8979-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:29.000Z",
"modified": "2015-09-30T16:15:29.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.252.50.124']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0aa2-f1a4-4edd-a8d8-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:30.000Z",
"modified": "2015-09-30T16:15:30.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '181.174.91.90']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0aa2-4b28-498a-8433-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:30.000Z",
"modified": "2015-09-30T16:15:30.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '186.46.142.66']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0aa3-70c8-4791-80de-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:31.000Z",
"modified": "2015-09-30T16:15:31.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.255.154.180']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0aa3-bdf0-4eff-9160-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:31.000Z",
"modified": "2015-09-30T16:15:31.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.191.34.245']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0aa4-b060-4b9f-8297-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:32.000Z",
"modified": "2015-09-30T16:15:32.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '206.116.171.216']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0aa4-0fbc-4ca1-b74a-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:32.000Z",
"modified": "2015-09-30T16:15:32.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '206.123.60.93']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0aa5-c49c-4ce8-a8df-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:33.000Z",
"modified": "2015-09-30T16:15:33.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.109.179.197']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0aa5-6acc-4924-aa38-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:33.000Z",
"modified": "2015-09-30T16:15:33.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.57.165.182']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0aa6-6c64-431a-8afe-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:34.000Z",
"modified": "2015-09-30T16:15:34.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '67.221.146.67']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0aa6-4868-4b4e-85e9-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:34.000Z",
"modified": "2015-09-30T16:15:34.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '67.221.146.107']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0aa6-d4d4-408a-9f3f-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:34.000Z",
"modified": "2015-09-30T16:15:34.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '67.221.156.216']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0aa7-d1b0-43a5-a905-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:35.000Z",
"modified": "2015-09-30T16:15:35.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.27.57.164']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0aa7-6848-4ee5-9534-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:35.000Z",
"modified": "2015-09-30T16:15:35.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '83.241.176.230']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0aa8-92e4-412b-ae18-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:36.000Z",
"modified": "2015-09-30T16:15:36.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.140.63.207']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0aa8-a680-4744-905c-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:36.000Z",
"modified": "2015-09-30T16:15:36.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.230.220.8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0aa9-9888-4b5f-ae4e-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:37.000Z",
"modified": "2015-09-30T16:15:37.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.86.226.85']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0aa9-8028-4576-953d-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:37.000Z",
"modified": "2015-09-30T16:15:37.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '150.129.48.147']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0aaa-70fc-4fa8-a7b5-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:38.000Z",
"modified": "2015-09-30T16:15:38.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '150.129.49.139']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0aaa-dfd0-454c-9f49-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:38.000Z",
"modified": "2015-09-30T16:15:38.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.185.166.94']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0aab-a3f8-4236-9967-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:39.000Z",
"modified": "2015-09-30T16:15:39.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.120.201.9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0aab-4824-4614-97a9-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:39.000Z",
"modified": "2015-09-30T16:15:39.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '181.112.153.202']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0aab-e19c-45ed-b835-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:39.000Z",
"modified": "2015-09-30T16:15:39.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '184.190.64.35']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0aac-a130-4e36-a00f-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:40.000Z",
"modified": "2015-09-30T16:15:40.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.120.194.101']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0aac-41fc-40db-8812-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:40.000Z",
"modified": "2015-09-30T16:15:40.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '206.123.58.42']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0aad-8850-4d43-bb12-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:41.000Z",
"modified": "2015-09-30T16:15:41.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.123.135.106']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0aad-a9c8-4ae4-82dc-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:41.000Z",
"modified": "2015-09-30T16:15:41.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.100.4.60']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0aae-8180-44b7-800e-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:42.000Z",
"modified": "2015-09-30T16:15:42.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '150.129.49.162']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0aae-afd8-4650-b899-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:42.000Z",
"modified": "2015-09-30T16:15:42.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.125.38.100']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0aaf-92ac-448e-bb33-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:43.000Z",
"modified": "2015-09-30T16:15:43.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.92.204.37']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0aaf-03cc-4af8-b00d-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:43.000Z",
"modified": "2015-09-30T16:15:43.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.238.241.26']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0aaf-5834-4a02-a437-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:43.000Z",
"modified": "2015-09-30T16:15:43.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '84.54.191.170']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0ab0-609c-414a-abe8-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:44.000Z",
"modified": "2015-09-30T16:15:44.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.174.116.76']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0ab0-85b0-4233-9207-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:44.000Z",
"modified": "2015-09-30T16:15:44.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.117.104.102']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0ab1-69c4-4bbe-bb56-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:45.000Z",
"modified": "2015-09-30T16:15:45.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.189.77.76']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0ab1-fab0-4457-bde2-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:45.000Z",
"modified": "2015-09-30T16:15:45.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.239.244.187']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0ab2-a508-48fa-94b6-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:46.000Z",
"modified": "2015-09-30T16:15:46.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.174.237.115']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0ab2-c948-470c-9b77-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:46.000Z",
"modified": "2015-09-30T16:15:46.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '73.38.228.117']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0ab3-19e8-49b0-8875-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:47.000Z",
"modified": "2015-09-30T16:15:47.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '206.222.25.58']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0ab3-1dbc-4039-9443-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:47.000Z",
"modified": "2015-09-30T16:15:47.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.154.105.117']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0ab3-f48c-4f43-abcb-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:15:47.000Z",
"modified": "2015-09-30T16:15:47.000Z",
"description": "Dyre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.12.202.99']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:15:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "External analysis"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"External analysis\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b02-f7f8-4999-af1e-8024950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:17:06.000Z",
"modified": "2015-09-30T16:17:06.000Z",
"description": "Upatre Downloading Dyre",
"pattern": "[url:value = 'https://109.199.11.51/Ares13.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:17:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b03-76f0-4bd6-8b4a-8024950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:17:07.000Z",
"modified": "2015-09-30T16:17:07.000Z",
"description": "Upatre Downloading Dyre",
"pattern": "[url:value = 'https://112.133.203.43/Ares13.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:17:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b03-0800-4f9f-b294-8024950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:17:07.000Z",
"modified": "2015-09-30T16:17:07.000Z",
"description": "Upatre Downloading Dyre",
"pattern": "[url:value = 'https://142.47.213.123/Ares13.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:17:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b04-57f4-47e2-bb55-8024950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:17:08.000Z",
"modified": "2015-09-30T16:17:08.000Z",
"description": "Upatre Downloading Dyre",
"pattern": "[url:value = 'https://150.129.49.11/Ares13.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:17:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b04-a9c0-4ca8-915e-8024950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:17:08.000Z",
"modified": "2015-09-30T16:17:08.000Z",
"description": "Upatre Downloading Dyre",
"pattern": "[url:value = 'https://173.216.247.74/Ares13.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:17:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b04-a4e4-4ce0-9025-8024950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:17:08.000Z",
"modified": "2015-09-30T16:17:08.000Z",
"description": "Upatre Downloading Dyre",
"pattern": "[url:value = 'https://173.248.31.6/Ares13.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:17:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b05-e784-4dda-b82c-8024950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:17:09.000Z",
"modified": "2015-09-30T16:17:09.000Z",
"description": "Upatre Downloading Dyre",
"pattern": "[url:value = 'https://176.101.135.103/Ares13.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:17:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b05-a2d0-4696-b25c-8024950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:17:09.000Z",
"modified": "2015-09-30T16:17:09.000Z",
"description": "Upatre Downloading Dyre",
"pattern": "[url:value = 'https://180.233.123.210/Ares13.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:17:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b06-0388-40ca-a336-8024950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:17:10.000Z",
"modified": "2015-09-30T16:17:10.000Z",
"description": "Upatre Downloading Dyre",
"pattern": "[url:value = 'https://185.89.64.160/Ares13.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:17:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b07-f714-4b6c-a235-8024950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:17:11.000Z",
"modified": "2015-09-30T16:17:11.000Z",
"description": "Upatre Downloading Dyre",
"pattern": "[url:value = 'https://186.68.94.38/Ares13.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:17:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b07-bd58-456f-b9e2-8024950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:17:11.000Z",
"modified": "2015-09-30T16:17:11.000Z",
"description": "Upatre Downloading Dyre",
"pattern": "[url:value = 'https://194.28.191.245/Ares13.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:17:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b08-a104-4bef-9481-8024950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:17:12.000Z",
"modified": "2015-09-30T16:17:12.000Z",
"description": "Upatre Downloading Dyre",
"pattern": "[url:value = 'https://197.210.199.21/Ares13.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:17:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b09-5148-4e3a-9f4b-8024950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:17:13.000Z",
"modified": "2015-09-30T16:17:13.000Z",
"description": "Upatre Downloading Dyre",
"pattern": "[url:value = 'https://203.115.103.27/Ares13.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:17:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b0a-1250-40a9-ae80-8024950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:17:14.000Z",
"modified": "2015-09-30T16:17:14.000Z",
"description": "Upatre Downloading Dyre",
"pattern": "[url:value = 'https://203.129.197.50/Ares13.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:17:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b0a-21f4-41ca-b5ce-8024950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:17:14.000Z",
"modified": "2015-09-30T16:17:14.000Z",
"description": "Upatre Downloading Dyre",
"pattern": "[url:value = 'https://208.117.68.78/Ares13.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:17:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b0b-5338-4e84-b53d-8024950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:17:15.000Z",
"modified": "2015-09-30T16:17:15.000Z",
"description": "Upatre Downloading Dyre",
"pattern": "[url:value = 'https://209.27.49.117/Ares13.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:17:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b0c-9668-4567-b5f4-8024950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:17:16.000Z",
"modified": "2015-09-30T16:17:16.000Z",
"description": "Upatre Downloading Dyre",
"pattern": "[url:value = 'https://213.92.138.154/Ares13.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:17:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b0d-bb78-4575-98b9-8024950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:17:17.000Z",
"modified": "2015-09-30T16:17:17.000Z",
"description": "Upatre Downloading Dyre",
"pattern": "[url:value = 'https://24.148.217.188/Ares13.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:17:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b0e-86c0-4048-8088-8024950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:17:18.000Z",
"modified": "2015-09-30T16:17:18.000Z",
"description": "Upatre Downloading Dyre",
"pattern": "[url:value = 'https://24.33.131.116/Ares13.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:17:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b0e-828c-4788-8943-8024950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:17:18.000Z",
"modified": "2015-09-30T16:17:18.000Z",
"description": "Upatre Downloading Dyre",
"pattern": "[url:value = 'https://27.109.20.53/Ares13.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:17:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b0f-df50-4d35-b4a2-8024950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:17:19.000Z",
"modified": "2015-09-30T16:17:19.000Z",
"description": "Upatre Downloading Dyre",
"pattern": "[url:value = 'https://37.57.144.177/Ares13.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:17:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b10-3a08-4c66-84c1-8024950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:17:20.000Z",
"modified": "2015-09-30T16:17:20.000Z",
"description": "Upatre Downloading Dyre",
"pattern": "[url:value = 'https://42.47.213.123/Ares13.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:17:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b11-06a8-4aea-8b4c-8024950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:17:21.000Z",
"modified": "2015-09-30T16:17:21.000Z",
"description": "Upatre Downloading Dyre",
"pattern": "[url:value = 'https://45.64.159.18/Ares13.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:17:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b11-cd30-4183-b9c1-8024950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:17:21.000Z",
"modified": "2015-09-30T16:17:21.000Z",
"description": "Upatre Downloading Dyre",
"pattern": "[url:value = 'https://63.248.156.246/Ares13.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:17:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b12-caf8-4c72-ab6c-8024950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:17:22.000Z",
"modified": "2015-09-30T16:17:22.000Z",
"description": "Upatre Downloading Dyre",
"pattern": "[url:value = 'https://65.33.236.173/Ares13.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:17:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b13-ffac-4387-9f80-8024950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:17:23.000Z",
"modified": "2015-09-30T16:17:23.000Z",
"description": "Upatre Downloading Dyre",
"pattern": "[url:value = 'https://67.207.229.215/Ares13.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:17:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b14-5d18-4170-8182-8024950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:17:24.000Z",
"modified": "2015-09-30T16:17:24.000Z",
"description": "Upatre Downloading Dyre",
"pattern": "[url:value = 'https://67.221.147.66/Ares13.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:17:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b15-307c-4f97-b64d-8024950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:17:25.000Z",
"modified": "2015-09-30T16:17:25.000Z",
"description": "Upatre Downloading Dyre",
"pattern": "[url:value = 'https://67.221.195.6/Ares13.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:17:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b15-03c8-48e1-8392-8024950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:17:25.000Z",
"modified": "2015-09-30T16:17:25.000Z",
"description": "Upatre Downloading Dyre",
"pattern": "[url:value = 'https://67.222.201.222/Ares13.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:17:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b16-f550-4758-b165-8024950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:17:26.000Z",
"modified": "2015-09-30T16:17:26.000Z",
"description": "Upatre Downloading Dyre",
"pattern": "[url:value = 'https://67.222.201.61/Ares13.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:17:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b17-a588-4fbb-9572-8024950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:17:27.000Z",
"modified": "2015-09-30T16:17:27.000Z",
"description": "Upatre Downloading Dyre",
"pattern": "[url:value = 'https://68.70.242.203/Ares13.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:17:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b18-83a0-42fb-b0fd-8024950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:17:28.000Z",
"modified": "2015-09-30T16:17:28.000Z",
"description": "Upatre Downloading Dyre",
"pattern": "[url:value = 'https://69.144.171.44/Ares13.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:17:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b18-3f74-43cc-a026-8024950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:17:28.000Z",
"modified": "2015-09-30T16:17:28.000Z",
"description": "Upatre Downloading Dyre",
"pattern": "[url:value = 'https://69.9.204.114/Ares13.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:17:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b19-6be8-418b-8b24-8024950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:17:29.000Z",
"modified": "2015-09-30T16:17:29.000Z",
"description": "Upatre Downloading Dyre",
"pattern": "[url:value = 'https://72.175.10.116/Ares13.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:17:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b1a-d270-4ff2-92ac-8024950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:17:30.000Z",
"modified": "2015-09-30T16:17:30.000Z",
"description": "Upatre Downloading Dyre",
"pattern": "[url:value = 'https://72.230.82.80/Ares13.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:17:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b1b-1d5c-4876-9844-8024950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:17:31.000Z",
"modified": "2015-09-30T16:17:31.000Z",
"description": "Upatre Downloading Dyre",
"pattern": "[url:value = 'https://77.48.30.156/Ares13.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:17:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b1c-a6fc-43c7-86ff-8024950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:17:32.000Z",
"modified": "2015-09-30T16:17:32.000Z",
"description": "Upatre Downloading Dyre",
"pattern": "[url:value = 'https://78.108.101.67/Ares13.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:17:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b1c-fd24-4dd2-8b62-8024950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:17:32.000Z",
"modified": "2015-09-30T16:17:32.000Z",
"description": "Upatre Downloading Dyre",
"pattern": "[url:value = 'https://78.72.233.105/Ares13.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:17:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b1d-6db0-45ec-bdf4-8024950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:17:33.000Z",
"modified": "2015-09-30T16:17:33.000Z",
"description": "Upatre Downloading Dyre",
"pattern": "[url:value = 'https://82.115.76.211/Ares13.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:17:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b1e-2c10-46ae-9acb-8024950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:17:34.000Z",
"modified": "2015-09-30T16:17:34.000Z",
"description": "Upatre Downloading Dyre",
"pattern": "[url:value = 'https://82.160.64.45/Ares13.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:17:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b1f-d05c-4a90-8795-8024950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:17:35.000Z",
"modified": "2015-09-30T16:17:35.000Z",
"description": "Upatre Downloading Dyre",
"pattern": "[url:value = 'https://85.135.104.170/Ares13.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:17:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b1f-cd5c-45ab-9ce3-8024950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:17:35.000Z",
"modified": "2015-09-30T16:17:35.000Z",
"description": "Upatre Downloading Dyre",
"pattern": "[url:value = 'https://87.249.142.189/Ares13.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:17:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b20-f104-4d39-898b-8024950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:17:36.000Z",
"modified": "2015-09-30T16:17:36.000Z",
"description": "Upatre Downloading Dyre",
"pattern": "[url:value = 'https://89.239.120.43/Ares13.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:17:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b21-2ffc-46a6-ba4b-8024950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:17:37.000Z",
"modified": "2015-09-30T16:17:37.000Z",
"description": "Upatre Downloading Dyre",
"pattern": "[url:value = 'https://91.246.105.164/Ares13.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:17:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b22-f4fc-4ca4-884d-8024950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:17:38.000Z",
"modified": "2015-09-30T16:17:38.000Z",
"description": "Upatre Downloading Dyre",
"pattern": "[url:value = 'https://94.141.130.9/Ares13.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:17:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b23-a3ec-48d8-9a95-8024950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:17:38.000Z",
"modified": "2015-09-30T16:17:38.000Z",
"description": "Upatre Downloading Dyre",
"pattern": "[url:value = 'https://94.40.82.66/Ares13.zip']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:17:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b51-2b14-448e-802c-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:18:25.000Z",
"modified": "2015-09-30T16:18:25.000Z",
"description": "Attachment hash",
"pattern": "[file:hashes.SHA256 = '5f707df691a7820bfe530f394bef61c1f7fd48496bff120bd2bcb6c9c9a550ae']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:18:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b52-a140-4534-9cb3-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:18:26.000Z",
"modified": "2015-09-30T16:18:26.000Z",
"description": "Upatre (id 22_U13) hash",
"pattern": "[file:hashes.SHA256 = 'afce5c6f08f26ebb12b9724fcb04009a9d54bb02c388e686135a381cecda8237']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:18:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b52-4d9c-4f09-b8b8-801c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:18:26.000Z",
"modified": "2015-09-30T16:18:26.000Z",
"description": "Dyreza (id 2209us13) hash",
"pattern": "[file:hashes.SHA256 = 'dc8849a7d9c25b4168327259bfd82e83bb308485824664b19e79c6c6be998f8c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:18:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b6d-66a0-41c0-ad3c-8023950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:18:53.000Z",
"modified": "2015-09-30T16:18:53.000Z",
"description": "Upatre C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '197.149.90.166']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:18:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b6d-de34-454b-bc5a-8023950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:18:53.000Z",
"modified": "2015-09-30T16:18:53.000Z",
"description": "Dyreza C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.154.105.117']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:18:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0b6e-a818-4f1a-9e3f-8023950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:18:54.000Z",
"modified": "2015-09-30T16:18:54.000Z",
"description": "Dyreza C2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.12.202.99']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:18:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0ba9-0474-43a7-ab02-6789950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:19:53.000Z",
"modified": "2015-09-30T16:19:53.000Z",
"description": "Xbagging additional code",
"pattern": "[url:value = 'http://quotearabiasale.com/wp-content/themes/epix/lib/adm/inc/phpflickr/cache/5716367236.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:19:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0ba9-e23c-44cf-9560-6789950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:19:53.000Z",
"modified": "2015-09-30T16:19:53.000Z",
"description": "Xbagging additional code",
"pattern": "[url:value = 'http://sahabatbuku.com/wp-content/themes/bazar/core/assets/images/menu/5716367236.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:19:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0baa-9064-4a68-a023-6789950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:19:54.000Z",
"modified": "2015-09-30T16:19:54.000Z",
"description": "Xbagging payload URL",
"pattern": "[url:value = 'http://quotearabiasale.com/wp-content/themes/epix/lib/adm/inc/phpflickr/cache/pipi.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:19:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0baa-58c4-4165-bc49-6789950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:19:54.000Z",
"modified": "2015-09-30T16:19:54.000Z",
"description": "Xbagging payload URL",
"pattern": "[url:value = 'http://sahabatbuku.com/wp-content/themes/bazar/core/assets/images/menu/pipi.txt']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:19:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560c0bab-13a4-4976-864d-6789950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-09-30T16:19:55.000Z",
"modified": "2015-09-30T16:19:55.000Z",
"description": "Upatre",
"pattern": "[url:value = 'http://pcsolutionsexpert.com/wp-content/uploads/2015/08/calc.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-09-30T16:19:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560cd020-8424-4fee-a01c-6221950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-01T06:18:08.000Z",
"modified": "2015-10-01T06:18:08.000Z",
"description": "Dyreza (id 2209us13) hash - Xchecked via VT: dc8849a7d9c25b4168327259bfd82e83bb308485824664b19e79c6c6be998f8c",
"pattern": "[file:hashes.SHA1 = 'eae3eafac1334886ddbcf80a79895e5ff8fcbe98']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-01T06:18:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560cd020-0a68-4277-860c-6221950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-01T06:18:08.000Z",
"modified": "2015-10-01T06:18:08.000Z",
"description": "Dyreza (id 2209us13) hash - Xchecked via VT: dc8849a7d9c25b4168327259bfd82e83bb308485824664b19e79c6c6be998f8c",
"pattern": "[file:hashes.MD5 = '512d1c84ca16c2d968ffcbf5c7a08780']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-01T06:18:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--560cd021-3128-418d-8394-6221950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-01T06:18:09.000Z",
"modified": "2015-10-01T06:18:09.000Z",
"first_observed": "2015-10-01T06:18:09Z",
"last_observed": "2015-10-01T06:18:09Z",
"number_observed": 1,
"object_refs": [
"url--560cd021-3128-418d-8394-6221950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--560cd021-3128-418d-8394-6221950d210b",
"value": "https://www.virustotal.com/file/dc8849a7d9c25b4168327259bfd82e83bb308485824664b19e79c6c6be998f8c/analysis/1443014113/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560cd021-7c28-437c-bb92-6221950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-01T06:18:09.000Z",
"modified": "2015-10-01T06:18:09.000Z",
"description": "Upatre (id 22_U13) hash - Xchecked via VT: afce5c6f08f26ebb12b9724fcb04009a9d54bb02c388e686135a381cecda8237",
"pattern": "[file:hashes.SHA1 = 'e9c9b888e1e9b952ee65d71e2d2ac29f50655425']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-01T06:18:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560cd022-6bd8-4997-8302-6221950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-01T06:18:10.000Z",
"modified": "2015-10-01T06:18:10.000Z",
"description": "Upatre (id 22_U13) hash - Xchecked via VT: afce5c6f08f26ebb12b9724fcb04009a9d54bb02c388e686135a381cecda8237",
"pattern": "[file:hashes.MD5 = '842cedae3fdfb20457aa8038c1893b2f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-01T06:18:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--560cd022-fc14-4020-8e06-6221950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-01T06:18:10.000Z",
"modified": "2015-10-01T06:18:10.000Z",
"first_observed": "2015-10-01T06:18:10Z",
"last_observed": "2015-10-01T06:18:10Z",
"number_observed": 1,
"object_refs": [
"url--560cd022-fc14-4020-8e06-6221950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--560cd022-fc14-4020-8e06-6221950d210b",
"value": "https://www.virustotal.com/file/afce5c6f08f26ebb12b9724fcb04009a9d54bb02c388e686135a381cecda8237/analysis/1443102943/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560cd023-2e7c-46a8-8597-6221950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-01T06:18:11.000Z",
"modified": "2015-10-01T06:18:11.000Z",
"description": "Attachment hash - Xchecked via VT: 5f707df691a7820bfe530f394bef61c1f7fd48496bff120bd2bcb6c9c9a550ae",
"pattern": "[file:hashes.SHA1 = '7d706930bb0e66bd58012634b6f7333f9f3c7324']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-01T06:18:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--560cd023-f5b0-45c7-ac21-6221950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-01T06:18:11.000Z",
"modified": "2015-10-01T06:18:11.000Z",
"description": "Attachment hash - Xchecked via VT: 5f707df691a7820bfe530f394bef61c1f7fd48496bff120bd2bcb6c9c9a550ae",
"pattern": "[file:hashes.MD5 = '32ec9366e495e049cdd762ba3e2efe1a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-10-01T06:18:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--560cd024-91ac-4d95-a274-6221950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-10-01T06:18:12.000Z",
"modified": "2015-10-01T06:18:12.000Z",
"first_observed": "2015-10-01T06:18:12Z",
"last_observed": "2015-10-01T06:18:12Z",
"number_observed": 1,
"object_refs": [
"url--560cd024-91ac-4d95-a274-6221950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--560cd024-91ac-4d95-a274-6221950d210b",
"value": "https://www.virustotal.com/file/5f707df691a7820bfe530f394bef61c1f7fd48496bff120bd2bcb6c9c9a550ae/analysis/1443436758/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}