5363 lines
No EOL
215 KiB
JSON
5363 lines
No EOL
215 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--56cdcbde-4fb4-4523-b01d-ff01950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:32.000Z",
|
|
"modified": "2016-02-24T15:44:32.000Z",
|
|
"name": "CthulhuSPRL.be",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--56cdcbde-4fb4-4523-b01d-ff01950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:32.000Z",
|
|
"modified": "2016-02-24T15:44:32.000Z",
|
|
"name": "OSINT Dust Storm Campaign Targeting Japanese Critical Infrastructure",
|
|
"published": "2016-07-11T14:17:29Z",
|
|
"object_refs": [
|
|
"observed-data--56cdcc43-3d84-41fd-9a85-4c81950d210f",
|
|
"url--56cdcc43-3d84-41fd-9a85-4c81950d210f",
|
|
"observed-data--56cdcc43-0208-443f-ba03-4958950d210f",
|
|
"url--56cdcc43-0208-443f-ba03-4958950d210f",
|
|
"campaign--56cdcc5a-6afc-490c-a4c4-4698950d210f",
|
|
"indicator--56cdccd1-68c0-4aee-aaa8-4ba0950d210f",
|
|
"indicator--56cdccd2-3978-48e1-81bc-4101950d210f",
|
|
"indicator--56cdccd2-db3c-4949-869f-4d3c950d210f",
|
|
"indicator--56cdccd2-589c-49d2-b203-4ea9950d210f",
|
|
"indicator--56cdccd2-e1a8-409e-8af7-470c950d210f",
|
|
"indicator--56cdccd3-cd44-43d2-947b-4af9950d210f",
|
|
"indicator--56cdccd3-871c-49c3-b4fb-49ac950d210f",
|
|
"indicator--56cdccd3-a988-47d9-a9c7-4bb1950d210f",
|
|
"indicator--56cdccf6-d914-459a-bf2b-4329950d210f",
|
|
"indicator--56cdccf7-b340-4078-9cfe-4aa0950d210f",
|
|
"indicator--56cdccf7-c624-4a88-906c-434f950d210f",
|
|
"indicator--56cdccf7-a71c-4a25-8996-44b6950d210f",
|
|
"indicator--56cdccf8-c508-4ecb-933d-4248950d210f",
|
|
"indicator--56cdccf8-0eac-4f13-8722-4bd2950d210f",
|
|
"indicator--56cdccf8-4728-451d-aaac-4709950d210f",
|
|
"indicator--56cdccf8-2b78-48bb-8334-4634950d210f",
|
|
"indicator--56cdccf9-1ed4-42fe-8dd2-4fbb950d210f",
|
|
"indicator--56cdccf9-76dc-4b1b-be9e-4f01950d210f",
|
|
"indicator--56cdccf9-5324-4b26-8da6-4933950d210f",
|
|
"indicator--56cdccfa-6bd4-4eb2-a513-436e950d210f",
|
|
"indicator--56cdccfa-edbc-4978-bb6e-4c06950d210f",
|
|
"indicator--56cdcd5a-0b98-40f4-95a6-d4e3950d210f",
|
|
"indicator--56cdcd5a-c224-4082-826c-d4e3950d210f",
|
|
"indicator--56cdcd5b-6d68-4391-94bd-d4e3950d210f",
|
|
"indicator--56cdcd5b-a164-42fe-b185-d4e3950d210f",
|
|
"indicator--56cdcd5b-3d84-47e1-a01a-d4e3950d210f",
|
|
"indicator--56cdcdd4-735c-46b8-b9ba-4ea3950d210f",
|
|
"indicator--56cdcdd4-2b38-416d-88cf-4704950d210f",
|
|
"indicator--56cdcdd4-5014-4e5f-9ce7-4adf950d210f",
|
|
"indicator--56cdcdd5-d0dc-406c-93d2-4bff950d210f",
|
|
"indicator--56cdcdd5-3800-4100-b92f-4617950d210f",
|
|
"indicator--56cdcdd5-2368-472f-bf0e-4d20950d210f",
|
|
"indicator--56cdcdd6-e43c-4d0a-a12e-4269950d210f",
|
|
"indicator--56cdcdd6-350c-4713-a248-45c8950d210f",
|
|
"indicator--56cdcdd6-b3b0-4773-a339-4c78950d210f",
|
|
"indicator--56cdcdd7-ce28-4d3e-b953-4fb7950d210f",
|
|
"indicator--56cdcdf6-d114-4c19-8922-4835950d210f",
|
|
"indicator--56cdce16-1df0-4185-bcaa-4432950d210f",
|
|
"indicator--56cdce16-08c0-42c8-89cd-4432950d210f",
|
|
"indicator--56cdce16-49d8-40d6-8da6-4432950d210f",
|
|
"indicator--56cdce16-1fa4-46b0-aec5-4432950d210f",
|
|
"indicator--56cdce17-bd44-42f1-a4a6-4432950d210f",
|
|
"indicator--56cdce17-5b68-45f7-9d16-4432950d210f",
|
|
"indicator--56cdce17-d8f4-45dc-929c-4432950d210f",
|
|
"indicator--56cdce17-f84c-4f6e-a49c-4432950d210f",
|
|
"indicator--56cdce18-109c-4286-b57f-4432950d210f",
|
|
"indicator--56cdce18-dd4c-44cd-b1a5-4432950d210f",
|
|
"indicator--56cdce39-fc0c-4667-b768-4433950d210f",
|
|
"indicator--56cdce39-05e0-4abc-8b18-4433950d210f",
|
|
"indicator--56cdce39-bec4-44d7-bd25-4433950d210f",
|
|
"indicator--56cdce39-7e58-4fac-8945-4433950d210f",
|
|
"indicator--56cdce3a-ef74-45e8-8e4c-4433950d210f",
|
|
"indicator--56cdce3a-756c-400b-ae47-4433950d210f",
|
|
"indicator--56cdce3a-4420-4547-a9a2-4433950d210f",
|
|
"indicator--56cdce3b-2d54-4fab-a8da-4433950d210f",
|
|
"indicator--56cdce3b-6f8c-4cd2-9aeb-4433950d210f",
|
|
"indicator--56cdce3b-33c0-460f-8cea-4433950d210f",
|
|
"indicator--56cdce3b-048c-4e74-9882-4433950d210f",
|
|
"indicator--56cdce52-4a2c-4148-a813-4fd1950d210f",
|
|
"indicator--56cdce53-5eb0-4304-9509-4a0a950d210f",
|
|
"indicator--56cdce53-b514-48e3-9703-4c60950d210f",
|
|
"indicator--56cdce53-66d8-4152-bfca-4ae4950d210f",
|
|
"indicator--56cdce53-47ac-471b-aea7-4e75950d210f",
|
|
"indicator--56cdce54-a920-4167-a070-4a00950d210f",
|
|
"indicator--56cdce6a-f954-4b28-9c57-975b950d210f",
|
|
"indicator--56cdce6a-334c-4a77-8401-975b950d210f",
|
|
"indicator--56cdce6a-d304-4860-8a15-975b950d210f",
|
|
"indicator--56cdce6b-2b34-4e85-adde-975b950d210f",
|
|
"indicator--56cdce6b-4c68-4c63-afbf-975b950d210f",
|
|
"indicator--56cdce6b-93a4-48ab-8df8-975b950d210f",
|
|
"indicator--56cdce6c-52cc-4a63-862f-975b950d210f",
|
|
"indicator--56cdce6c-3074-4233-b8b6-975b950d210f",
|
|
"indicator--56cdce6c-a178-4ed0-85ca-975b950d210f",
|
|
"indicator--56cdce6c-43b4-4a2e-986d-975b950d210f",
|
|
"indicator--56cdce98-ee84-4a67-9211-975b950d210f",
|
|
"indicator--56cdce99-a510-4dd7-921b-975b950d210f",
|
|
"indicator--56cdce99-11fc-43a4-b7ee-975b950d210f",
|
|
"indicator--56cdce99-eb88-44df-bd55-975b950d210f",
|
|
"indicator--56cdce9a-6018-48e3-a0d0-975b950d210f",
|
|
"indicator--56cdce9a-3fac-4a69-8268-975b950d210f",
|
|
"indicator--56cdce9a-1180-42c4-bae5-975b950d210f",
|
|
"indicator--56cdce9a-14a8-44df-af72-975b950d210f",
|
|
"indicator--56cdceb8-7850-4383-a008-4f89950d210f",
|
|
"indicator--56cdceb9-0afc-4d39-b11e-441b950d210f",
|
|
"indicator--56cdceb9-0a00-4d54-9a3e-4153950d210f",
|
|
"indicator--56cdceb9-ccf8-45c5-837c-4a64950d210f",
|
|
"indicator--56cdceba-b508-4afd-aab5-49d9950d210f",
|
|
"indicator--56cdceba-f81c-4665-975d-49b4950d210f",
|
|
"indicator--56cdceba-850c-41b4-b25c-458a950d210f",
|
|
"indicator--56cdcebb-62bc-4e8e-8e6d-4311950d210f",
|
|
"indicator--56cdcebb-e940-4486-afa6-4e48950d210f",
|
|
"indicator--56cdcebb-768c-4244-bb8e-4e1a950d210f",
|
|
"indicator--56cdcebc-7934-496a-9062-4b8f950d210f",
|
|
"indicator--56cdcebc-f828-41fb-9f66-4c63950d210f",
|
|
"indicator--56cdcebc-7154-4e7c-bc56-4653950d210f",
|
|
"indicator--56cdcebd-3fb0-487d-a39b-4279950d210f",
|
|
"indicator--56cdcebd-7fdc-4e3c-9332-437f950d210f",
|
|
"indicator--56cdcebd-b240-4161-bca7-4d65950d210f",
|
|
"indicator--56cdcebe-b388-467b-903d-49f4950d210f",
|
|
"indicator--56cdcebe-381c-4362-8ead-4538950d210f",
|
|
"indicator--56cdcebe-2f60-45ec-8e7a-4487950d210f",
|
|
"indicator--56cdcebf-3504-44d9-969f-463c950d210f",
|
|
"indicator--56cdcebf-09fc-49f9-ab0f-42be950d210f",
|
|
"indicator--56cdcebf-59c4-4f46-a278-457f950d210f",
|
|
"indicator--56cdcec0-de54-4d69-ab6d-4f28950d210f",
|
|
"indicator--56cdcec0-599c-4de9-81d6-4cc4950d210f",
|
|
"indicator--56cdcec0-54c8-48d5-abfe-4af3950d210f",
|
|
"indicator--56cdcec1-18e0-4f63-9b79-4d20950d210f",
|
|
"indicator--56cdcec1-84a8-4509-affd-4e99950d210f",
|
|
"indicator--56cdcec1-d424-4b79-a414-4c8f950d210f",
|
|
"indicator--56cdcec2-ef9c-4023-999c-4ebc950d210f",
|
|
"indicator--56cdcec2-9288-4cf5-8fe3-4d68950d210f",
|
|
"indicator--56cdcec2-3e30-4c7e-8c05-4a3f950d210f",
|
|
"indicator--56cdcec3-e794-4952-9bb9-4f36950d210f",
|
|
"indicator--56cdcec3-cd84-4c8d-9ef9-4c45950d210f",
|
|
"indicator--56cdcec3-3aa4-40b9-aa4a-46a3950d210f",
|
|
"indicator--56cdcec3-3964-422e-9227-48dd950d210f",
|
|
"indicator--56cdcec4-0d9c-427a-86a3-4ca0950d210f",
|
|
"indicator--56cdcec4-5400-4c27-9f22-400a950d210f",
|
|
"indicator--56cdcec4-ec98-435d-9e4d-4cbf950d210f",
|
|
"indicator--56cdcec5-36ac-4a9d-950c-4979950d210f",
|
|
"indicator--56cdcec5-9c10-4497-a096-4b17950d210f",
|
|
"indicator--56cdcedd-467c-44a5-b22e-4b5c950d210f",
|
|
"indicator--56cdcedd-a7d0-4240-9a68-440c950d210f",
|
|
"indicator--56cdcede-6030-4bd8-8ae6-4bf2950d210f",
|
|
"indicator--56cdcede-3c88-4b52-a7bd-431e950d210f",
|
|
"indicator--56cdcefa-ecf0-43bb-a1e9-c31b950d210f",
|
|
"indicator--56cdcefb-6bcc-4912-913c-c31b950d210f",
|
|
"indicator--56cdcefb-7624-4026-9d73-c31b950d210f",
|
|
"indicator--56cdcefb-d588-461a-a3a7-c31b950d210f",
|
|
"indicator--56cdcefb-d230-42b2-8512-c31b950d210f",
|
|
"indicator--56cdcefc-fe08-4a47-8d6f-c31b950d210f",
|
|
"indicator--56cdcefc-0920-495e-96d1-c31b950d210f",
|
|
"indicator--56cdcefc-f3f4-4e3f-8c0d-c31b950d210f",
|
|
"indicator--56cdcefc-aa20-4222-91d6-c31b950d210f",
|
|
"indicator--56cdcefd-5080-4251-9a34-c31b950d210f",
|
|
"indicator--56cdcefd-bf28-41c0-93d8-c31b950d210f",
|
|
"indicator--56cdcefd-e010-4e52-b458-c31b950d210f",
|
|
"indicator--56cdcfbb-ec9c-4b0c-adc4-44f6950d210f",
|
|
"indicator--56cdcfbb-eda8-4580-b2cd-4603950d210f",
|
|
"indicator--56cdcfbc-6974-4a8c-a3ca-4cb1950d210f",
|
|
"indicator--56cdcfbc-dcbc-4f64-bcd1-4149950d210f",
|
|
"indicator--56cdcfbc-034c-4a00-abc7-41f7950d210f",
|
|
"indicator--56cdcfbd-3bbc-4f37-8a82-444f950d210f",
|
|
"indicator--56cdcfbd-b728-4907-8e3e-4a57950d210f",
|
|
"indicator--56cdcfbd-fb84-407a-af27-48ce950d210f",
|
|
"indicator--56cdcfbe-ec50-4e14-8fda-400f950d210f",
|
|
"indicator--56cdcfbe-9d74-4dbb-919e-410f950d210f",
|
|
"indicator--56cdcfbe-7194-4d64-87d6-4757950d210f",
|
|
"indicator--56cdcfbf-d584-401a-95ac-4d2a950d210f",
|
|
"indicator--56cdcfbf-cea0-4e6d-9452-44a0950d210f",
|
|
"indicator--56cdcfbf-9bdc-430c-a34d-4dcf950d210f",
|
|
"indicator--56cdcfc0-efa4-49a9-9ac5-4f75950d210f",
|
|
"indicator--56cdcfc0-7b50-427c-9334-4fd5950d210f",
|
|
"indicator--56cdcfc0-0bac-4705-a758-4c8b950d210f",
|
|
"indicator--56cdcfc1-3808-49c6-aeb8-4732950d210f",
|
|
"indicator--56cdcfc1-f1a0-4593-ade5-46e5950d210f",
|
|
"indicator--56cdcfc1-e39c-4c96-9aea-4768950d210f",
|
|
"indicator--56cdcfc2-19d4-434a-ba21-4cfb950d210f",
|
|
"indicator--56cdcfc2-a878-43d2-bbcd-4213950d210f",
|
|
"indicator--56cdcfc2-ed44-473c-bbc2-41da950d210f",
|
|
"indicator--56cdcfc3-0354-4c47-a163-4172950d210f",
|
|
"indicator--56cdcfc3-e9e4-4293-831c-40f5950d210f",
|
|
"indicator--56cdcfc3-a4a4-4abd-8d27-485c950d210f",
|
|
"indicator--56cdcfc3-1578-4f9a-aeed-49b4950d210f",
|
|
"indicator--56cdcfc4-a64c-44a7-acac-416a950d210f",
|
|
"indicator--56cdcfc4-6410-4be4-b5cc-446f950d210f",
|
|
"indicator--56cdcfc4-ad78-4b92-8c4a-4f57950d210f",
|
|
"indicator--56cdcfc5-319c-4707-8c75-45d3950d210f",
|
|
"indicator--56cdcfc5-8cd8-4d1a-84b6-4aa9950d210f",
|
|
"indicator--56cdcfc5-1598-4ec5-950b-4eeb950d210f",
|
|
"indicator--56cdcfc6-999c-4aec-a7e0-45e8950d210f",
|
|
"indicator--56cdcfc6-1084-4b7a-b099-414a950d210f",
|
|
"indicator--56cdcfc6-10f4-416e-bbf7-404a950d210f",
|
|
"indicator--56cdcfc6-ec8c-45e3-ac60-4933950d210f",
|
|
"indicator--56cdcfc7-fea4-4cb0-8473-4c70950d210f",
|
|
"indicator--56cdcfc7-7a94-41fd-8dd4-45a3950d210f",
|
|
"indicator--56cdcfc7-8854-4472-8d47-48fe950d210f",
|
|
"indicator--56cdcfc8-67d4-42dd-9fdf-4da0950d210f",
|
|
"indicator--56cdcfc8-1720-4a2c-bbc0-49c5950d210f",
|
|
"indicator--56cdcfc8-4900-4d4e-85ba-4588950d210f",
|
|
"indicator--56cdcfc8-a0ac-46d2-a29c-4054950d210f",
|
|
"indicator--56cdcfc9-c788-42c0-9619-4249950d210f",
|
|
"indicator--56cdcfc9-c5f8-49f2-b54a-4327950d210f",
|
|
"indicator--56cdcfc9-edc4-4000-a26d-4807950d210f",
|
|
"indicator--56cdcfca-fce4-44af-ba05-4b87950d210f",
|
|
"indicator--56cdcfca-d8bc-4452-a933-47dd950d210f",
|
|
"indicator--56cdcfca-7084-46c3-b21b-4f3e950d210f",
|
|
"indicator--56cdcfca-d2d8-4dbc-9765-4084950d210f",
|
|
"indicator--56cdcfcb-db14-4d00-96d0-494b950d210f",
|
|
"indicator--56cdcfcb-e920-4e6a-a816-40be950d210f",
|
|
"indicator--56cdcfcb-8594-4fed-8004-44c7950d210f",
|
|
"indicator--56cdcfcb-0840-490e-acdd-4404950d210f",
|
|
"indicator--56cdcfcc-ad88-40cf-9bda-4221950d210f",
|
|
"indicator--56cdcfcc-501c-4c29-abb9-47e4950d210f",
|
|
"indicator--56cdcfcc-ca0c-423e-b374-4592950d210f",
|
|
"indicator--56cdcfcc-71e8-4c07-9fc3-47e1950d210f",
|
|
"indicator--56cdcfcd-f358-482f-9f1d-499b950d210f",
|
|
"indicator--56cdcfcd-86e8-46c9-bf95-478b950d210f",
|
|
"indicator--56cdcfce-fbac-4866-aeba-46f1950d210f",
|
|
"indicator--56cdcfce-485c-4527-8066-4066950d210f",
|
|
"indicator--56cdcfce-9780-4337-bb21-4dd8950d210f",
|
|
"indicator--56cdcfcf-3540-41e2-9e88-4eb2950d210f",
|
|
"indicator--56cdcfe0-0db0-4469-b722-ff01950d210f",
|
|
"indicator--56cdcfe0-87ec-45d2-b22a-ff01950d210f",
|
|
"indicator--56cdcfe0-3324-404e-9184-ff01950d210f",
|
|
"indicator--56cdcfe1-bb80-4402-aa5b-ff01950d210f",
|
|
"indicator--56cdcfe1-b4a0-4d2b-aa55-ff01950d210f",
|
|
"indicator--56cdcfe1-5a24-4191-a499-ff01950d210f",
|
|
"observed-data--56d3cf5c-a42c-4928-af4a-47f102de0b81",
|
|
"url--56d3cf5c-a42c-4928-af4a-47f102de0b81"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"type:OSINT"
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--56cdcc43-3d84-41fd-9a85-4c81950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:29:07.000Z",
|
|
"modified": "2016-02-24T15:29:07.000Z",
|
|
"first_observed": "2016-02-24T15:29:07Z",
|
|
"last_observed": "2016-02-24T15:29:07Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--56cdcc43-3d84-41fd-9a85-4c81950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--56cdcc43-3d84-41fd-9a85-4c81950d210f",
|
|
"value": "https://www.cylance.com/new-security-research-from-cylance-spear-team-uncovers-multi-year-multi-attack-campaign-targeting-japanese-critical-infrastructure"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--56cdcc43-0208-443f-ba03-4958950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:29:07.000Z",
|
|
"modified": "2016-02-24T15:29:07.000Z",
|
|
"first_observed": "2016-02-24T15:29:07Z",
|
|
"last_observed": "2016-02-24T15:29:07Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--56cdcc43-0208-443f-ba03-4958950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--56cdcc43-0208-443f-ba03-4958950d210f",
|
|
"value": "https://www.cylance.com/hubfs/2015_cylance_website/assets/operation-dust-storm/Op_Dust_Storm_Report.pdf"
|
|
},
|
|
{
|
|
"type": "campaign",
|
|
"spec_version": "2.1",
|
|
"id": "campaign--56cdcc5a-6afc-490c-a4c4-4698950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:29:30.000Z",
|
|
"modified": "2016-02-24T15:29:30.000Z",
|
|
"name": "Dust Storm",
|
|
"labels": [
|
|
"misp:type=\"campaign-name\"",
|
|
"misp:category=\"Attribution\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdccd1-68c0-4aee-aaa8-4ba0950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:31:29.000Z",
|
|
"modified": "2016-02-24T15:31:29.000Z",
|
|
"description": "2010 C2 IP",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '218.106.246.195']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:31:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdccd2-3978-48e1-81bc-4101950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:31:30.000Z",
|
|
"modified": "2016-02-24T15:31:30.000Z",
|
|
"description": "2010 C2 IP",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '218.106.246.220']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:31:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdccd2-db3c-4949-869f-4d3c950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:31:30.000Z",
|
|
"modified": "2016-02-24T15:31:30.000Z",
|
|
"description": "2010 C2 IP",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '218.106.246.254']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:31:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdccd2-589c-49d2-b203-4ea9950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:31:30.000Z",
|
|
"modified": "2016-02-24T15:31:30.000Z",
|
|
"description": "2010 C2 IP",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '111.67.199.213']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:31:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdccd2-e1a8-409e-8af7-470c950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:31:30.000Z",
|
|
"modified": "2016-02-24T15:31:30.000Z",
|
|
"description": "2010 C2 IP",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '125.46.42.221']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:31:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdccd3-cd44-43d2-947b-4af9950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:31:31.000Z",
|
|
"modified": "2016-02-24T15:31:31.000Z",
|
|
"description": "2010 C2 IP",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '124.162.53.224']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:31:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdccd3-871c-49c3-b4fb-49ac950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:31:31.000Z",
|
|
"modified": "2016-02-24T15:31:31.000Z",
|
|
"description": "2010 C2 IP",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '124.162.53.203']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:31:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdccd3-a988-47d9-a9c7-4bb1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:31:31.000Z",
|
|
"modified": "2016-02-24T15:31:31.000Z",
|
|
"description": "2010 C2 IP",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '113.11.202.233']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:31:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdccf6-d914-459a-bf2b-4329950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:32:06.000Z",
|
|
"modified": "2016-02-24T15:32:06.000Z",
|
|
"description": "2010 c2 hostnames",
|
|
"pattern": "[domain-name:value = 'bfym2.amazonwikis.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:32:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdccf7-b340-4078-9cfe-4aa0950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:32:07.000Z",
|
|
"modified": "2016-02-24T15:32:07.000Z",
|
|
"description": "2010 c2 hostnames",
|
|
"pattern": "[domain-name:value = 'books.sfcorporation.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:32:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdccf7-c624-4a88-906c-434f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:32:07.000Z",
|
|
"modified": "2016-02-24T15:32:07.000Z",
|
|
"description": "2010 c2 hostnames",
|
|
"pattern": "[domain-name:value = 'imnothk.8800.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:32:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdccf7-a71c-4a25-8996-44b6950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:32:07.000Z",
|
|
"modified": "2016-02-24T15:32:07.000Z",
|
|
"description": "2010 c2 hostnames",
|
|
"pattern": "[domain-name:value = 'jiaoshow.9966.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:32:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdccf8-c508-4ecb-933d-4248950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:32:08.000Z",
|
|
"modified": "2016-02-24T15:32:08.000Z",
|
|
"description": "2010 c2 hostnames",
|
|
"pattern": "[domain-name:value = 'kb1gs.sfcorporation.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:32:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdccf8-0eac-4f13-8722-4bd2950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:32:08.000Z",
|
|
"modified": "2016-02-24T15:32:08.000Z",
|
|
"description": "2010 c2 hostnames",
|
|
"pattern": "[domain-name:value = 'kersperskey.8800.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:32:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdccf8-4728-451d-aaac-4709950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:32:08.000Z",
|
|
"modified": "2016-02-24T15:32:08.000Z",
|
|
"description": "2010 c2 hostnames",
|
|
"pattern": "[domain-name:value = 'mailxss.9966.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:32:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdccf8-2b78-48bb-8334-4634950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:32:08.000Z",
|
|
"modified": "2016-02-24T15:32:08.000Z",
|
|
"description": "2010 c2 hostnames",
|
|
"pattern": "[domain-name:value = 'microses.9966.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:32:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdccf9-1ed4-42fe-8dd2-4fbb950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:32:09.000Z",
|
|
"modified": "2016-02-24T15:32:09.000Z",
|
|
"description": "2010 c2 hostnames",
|
|
"pattern": "[domain-name:value = 'microupdate.8800.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:32:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdccf9-76dc-4b1b-be9e-4f01950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:32:09.000Z",
|
|
"modified": "2016-02-24T15:32:09.000Z",
|
|
"description": "2010 c2 hostnames",
|
|
"pattern": "[domain-name:value = 'microwmies.oicp.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:32:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdccf9-5324-4b26-8da6-4933950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:32:09.000Z",
|
|
"modified": "2016-02-24T15:32:09.000Z",
|
|
"description": "2010 c2 hostnames",
|
|
"pattern": "[domain-name:value = 'mocrosoftds.xicp.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:32:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdccfa-6bd4-4eb2-a513-436e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:32:10.000Z",
|
|
"modified": "2016-02-24T15:32:10.000Z",
|
|
"description": "2010 c2 hostnames",
|
|
"pattern": "[domain-name:value = 'modeless.3322.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:32:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdccfa-edbc-4978-bb6e-4c06950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:32:10.000Z",
|
|
"modified": "2016-02-24T15:32:10.000Z",
|
|
"description": "2010 c2 hostnames",
|
|
"pattern": "[domain-name:value = 'yhkj.sfcorporation.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:32:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcd5a-0b98-40f4-95a6-d4e3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:33:46.000Z",
|
|
"modified": "2016-02-24T15:33:46.000Z",
|
|
"description": "2011 C2 IP",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '218.106.247.81']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:33:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcd5a-c224-4082-826c-d4e3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:33:46.000Z",
|
|
"modified": "2016-02-24T15:33:46.000Z",
|
|
"description": "2011 C2 IP",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '218.106.246.177']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:33:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcd5b-6d68-4391-94bd-d4e3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:33:47.000Z",
|
|
"modified": "2016-02-24T15:33:47.000Z",
|
|
"description": "2011 C2 IP",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.252.201.210']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:33:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcd5b-a164-42fe-b185-d4e3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:33:47.000Z",
|
|
"modified": "2016-02-24T15:33:47.000Z",
|
|
"description": "2011 C2 IP",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '120.126.134.196']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:33:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcd5b-3d84-47e1-a01a-d4e3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:33:47.000Z",
|
|
"modified": "2016-02-24T15:33:47.000Z",
|
|
"description": "2011 C2 IP",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '120.31.68.42']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:33:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcdd4-735c-46b8-b9ba-4ea3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:35:48.000Z",
|
|
"modified": "2016-02-24T15:35:48.000Z",
|
|
"description": "2011 C2 hostnames",
|
|
"pattern": "[domain-name:value = '323332.3322.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:35:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcdd4-2b38-416d-88cf-4704950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:35:48.000Z",
|
|
"modified": "2016-02-24T15:35:48.000Z",
|
|
"description": "2011 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'adobekr.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:35:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcdd4-5014-4e5f-9ce7-4adf950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:35:48.000Z",
|
|
"modified": "2016-02-24T15:35:48.000Z",
|
|
"description": "2011 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'js.95nb.co.cc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:35:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcdd5-d0dc-406c-93d2-4bff950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:35:49.000Z",
|
|
"modified": "2016-02-24T15:35:49.000Z",
|
|
"description": "2011 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'js.adobekr.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:35:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcdd5-3800-4100-b92f-4617950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:35:49.000Z",
|
|
"modified": "2016-02-24T15:35:49.000Z",
|
|
"description": "2011 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'login.live.adobekr.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:35:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcdd5-2368-472f-bf0e-4d20950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:35:49.000Z",
|
|
"modified": "2016-02-24T15:35:49.000Z",
|
|
"description": "2011 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'login.live.wih365.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:35:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcdd6-e43c-4d0a-a12e-4269950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:35:50.000Z",
|
|
"modified": "2016-02-24T15:35:50.000Z",
|
|
"description": "2011 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'mesdata.8866.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:35:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcdd6-350c-4713-a248-45c8950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:35:50.000Z",
|
|
"modified": "2016-02-24T15:35:50.000Z",
|
|
"description": "2011 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'msejake.7766.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:35:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcdd6-b3b0-4773-a339-4c78950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:35:50.000Z",
|
|
"modified": "2016-02-24T15:35:50.000Z",
|
|
"description": "2011 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'msevpn.3322.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:35:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcdd7-ce28-4d3e-b953-4fb7950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:35:51.000Z",
|
|
"modified": "2016-02-24T15:35:51.000Z",
|
|
"description": "2011 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'sdj2b.3322.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:35:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcdf6-d114-4c19-8922-4835950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:36:22.000Z",
|
|
"modified": "2016-02-24T15:36:22.000Z",
|
|
"description": "2011 C2 domain",
|
|
"pattern": "[domain-name:value = 'moviestops.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:36:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdce16-1df0-4185-bcaa-4432950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:36:54.000Z",
|
|
"modified": "2016-02-24T15:36:54.000Z",
|
|
"description": "2012 C2 Infrastructure",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '210.51.13.167']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:36:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdce16-08c0-42c8-89cd-4432950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:36:54.000Z",
|
|
"modified": "2016-02-24T15:36:54.000Z",
|
|
"description": "2012 C2 Infrastructure",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '126.25.172.171']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:36:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdce16-49d8-40d6-8da6-4432950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:36:54.000Z",
|
|
"modified": "2016-02-24T15:36:54.000Z",
|
|
"description": "2012 C2 Infrastructure",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '123.254.111.169']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:36:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdce16-1fa4-46b0-aec5-4432950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:36:54.000Z",
|
|
"modified": "2016-02-24T15:36:54.000Z",
|
|
"description": "2012 C2 Infrastructure",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '114.108.150.38']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:36:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdce17-bd44-42f1-a4a6-4432950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:36:55.000Z",
|
|
"modified": "2016-02-24T15:36:55.000Z",
|
|
"description": "2012 C2 Infrastructure",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '175.41.23.181']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:36:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdce17-5b68-45f7-9d16-4432950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:36:55.000Z",
|
|
"modified": "2016-02-24T15:36:55.000Z",
|
|
"description": "2012 C2 Infrastructure",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '126.25.201.73']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:36:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdce17-d8f4-45dc-929c-4432950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:36:55.000Z",
|
|
"modified": "2016-02-24T15:36:55.000Z",
|
|
"description": "2012 C2 Infrastructure",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '126.5.125.197']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:36:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdce17-f84c-4f6e-a49c-4432950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:36:55.000Z",
|
|
"modified": "2016-02-24T15:36:55.000Z",
|
|
"description": "2012 C2 Infrastructure",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '203.124.12.24']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:36:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdce18-109c-4286-b57f-4432950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:36:56.000Z",
|
|
"modified": "2016-02-24T15:36:56.000Z",
|
|
"description": "2012 C2 Infrastructure",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '218.106.246.222']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:36:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdce18-dd4c-44cd-b1a5-4432950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:36:56.000Z",
|
|
"modified": "2016-02-24T15:36:56.000Z",
|
|
"description": "2012 C2 Infrastructure",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '203.124.12.59']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:36:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdce39-fc0c-4667-b768-4433950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:37:29.000Z",
|
|
"modified": "2016-02-24T15:37:29.000Z",
|
|
"description": "2012 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'auto.glkjcorp.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:37:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdce39-05e0-4abc-8b18-4433950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:37:29.000Z",
|
|
"modified": "2016-02-24T15:37:29.000Z",
|
|
"description": "2012 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'gde.moviestops.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:37:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdce39-bec4-44d7-bd25-4433950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:37:29.000Z",
|
|
"modified": "2016-02-24T15:37:29.000Z",
|
|
"description": "2012 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'health.dns1.us']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:37:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdce39-7e58-4fac-8945-4433950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:37:29.000Z",
|
|
"modified": "2016-02-24T15:37:29.000Z",
|
|
"description": "2012 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'mail.adobekr.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:37:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdce3a-ef74-45e8-8e4c-4433950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:37:30.000Z",
|
|
"modified": "2016-02-24T15:37:30.000Z",
|
|
"description": "2012 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'mail.glkjcorp.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:37:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdce3a-756c-400b-ae47-4433950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:37:30.000Z",
|
|
"modified": "2016-02-24T15:37:30.000Z",
|
|
"description": "2012 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'nttvps.gnway.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:37:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdce3a-4420-4547-a9a2-4433950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:37:30.000Z",
|
|
"modified": "2016-02-24T15:37:30.000Z",
|
|
"description": "2012 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'qsgs.sfcorporation.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:37:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdce3b-2d54-4fab-a8da-4433950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:37:31.000Z",
|
|
"modified": "2016-02-24T15:37:31.000Z",
|
|
"description": "2012 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'smtp.adobekr.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:37:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdce3b-6f8c-4cd2-9aeb-4433950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:37:31.000Z",
|
|
"modified": "2016-02-24T15:37:31.000Z",
|
|
"description": "2012 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'update.adobekr.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:37:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdce3b-33c0-460f-8cea-4433950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:37:31.000Z",
|
|
"modified": "2016-02-24T15:37:31.000Z",
|
|
"description": "2012 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'wsxg.moviestops.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:37:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdce3b-048c-4e74-9882-4433950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:37:31.000Z",
|
|
"modified": "2016-02-24T15:37:31.000Z",
|
|
"description": "2012 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'wxpb.sfcorporation.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:37:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdce52-4a2c-4148-a813-4fd1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:37:54.000Z",
|
|
"modified": "2016-02-24T15:37:54.000Z",
|
|
"description": "2013 C2 IP",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '218.106.246.189']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:37:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdce53-5eb0-4304-9509-4a0a950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:37:55.000Z",
|
|
"modified": "2016-02-24T15:37:55.000Z",
|
|
"description": "2013 C2 IP",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '210.209.116.105']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:37:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdce53-b514-48e3-9703-4c60950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:37:55.000Z",
|
|
"modified": "2016-02-24T15:37:55.000Z",
|
|
"description": "2013 C2 IP",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '210.209.117.235']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:37:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdce53-66d8-4152-bfca-4ae4950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:37:55.000Z",
|
|
"modified": "2016-02-24T15:37:55.000Z",
|
|
"description": "2013 C2 IP",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '113.10.168.22']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:37:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdce53-47ac-471b-aea7-4e75950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:37:55.000Z",
|
|
"modified": "2016-02-24T15:37:55.000Z",
|
|
"description": "2013 C2 IP",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '126.125.35.247']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:37:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdce54-a920-4167-a070-4a00950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:37:56.000Z",
|
|
"modified": "2016-02-24T15:37:56.000Z",
|
|
"description": "2013 C2 IP",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '112.218.71.202']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:37:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdce6a-f954-4b28-9c57-975b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:38:18.000Z",
|
|
"modified": "2016-02-24T15:38:18.000Z",
|
|
"description": "2013 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'en.amazonwikis.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:38:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdce6a-334c-4a77-8401-975b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:38:18.000Z",
|
|
"modified": "2016-02-24T15:38:18.000Z",
|
|
"description": "2013 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'mail.projectscorp.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:38:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdce6a-d304-4860-8a15-975b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:38:18.000Z",
|
|
"modified": "2016-02-24T15:38:18.000Z",
|
|
"description": "2013 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'news.sfcorporation.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:38:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdce6b-2b34-4e85-adde-975b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:38:19.000Z",
|
|
"modified": "2016-02-24T15:38:19.000Z",
|
|
"description": "2013 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'pic.elecarrow.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:38:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdce6b-4c68-4c63-afbf-975b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:38:19.000Z",
|
|
"modified": "2016-02-24T15:38:19.000Z",
|
|
"description": "2013 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'rbjg.moviestops.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:38:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdce6b-93a4-48ab-8df8-975b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:38:19.000Z",
|
|
"modified": "2016-02-24T15:38:19.000Z",
|
|
"description": "2013 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'rbny.sfcorporation.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:38:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdce6c-52cc-4a63-862f-975b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:38:20.000Z",
|
|
"modified": "2016-02-24T15:38:20.000Z",
|
|
"description": "2013 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'ssl.gmnspace.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:38:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdce6c-3074-4233-b8b6-975b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:38:20.000Z",
|
|
"modified": "2016-02-24T15:38:20.000Z",
|
|
"description": "2013 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'ssl.projectscorp.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:38:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdce6c-a178-4ed0-85ca-975b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:38:20.000Z",
|
|
"modified": "2016-02-24T15:38:20.000Z",
|
|
"description": "2013 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'yahoo.gmnspace.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:38:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdce6c-43b4-4a2e-986d-975b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:38:20.000Z",
|
|
"modified": "2016-02-24T15:38:20.000Z",
|
|
"description": "2013 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'yahoomail.adobeus.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:38:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdce98-ee84-4a67-9211-975b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:04.000Z",
|
|
"modified": "2016-02-24T15:39:04.000Z",
|
|
"description": "2014 C2 IP",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.238.229.128']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdce99-a510-4dd7-921b-975b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:05.000Z",
|
|
"modified": "2016-02-24T15:39:05.000Z",
|
|
"description": "2014 C2 IP",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '27.255.72.68']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdce99-11fc-43a4-b7ee-975b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:05.000Z",
|
|
"modified": "2016-02-24T15:39:05.000Z",
|
|
"description": "2014 C2 IP",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '27.255.72.69']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdce99-eb88-44df-bd55-975b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:05.000Z",
|
|
"modified": "2016-02-24T15:39:05.000Z",
|
|
"description": "2014 C2 IP",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '27.255.72.78']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdce9a-6018-48e3-a0d0-975b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:06.000Z",
|
|
"modified": "2016-02-24T15:39:06.000Z",
|
|
"description": "2014 C2 IP",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '211.42.249.37']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdce9a-3fac-4a69-8268-975b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:06.000Z",
|
|
"modified": "2016-02-24T15:39:06.000Z",
|
|
"description": "2014 C2 IP",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '108.171.240.154']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdce9a-1180-42c4-bae5-975b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:06.000Z",
|
|
"modified": "2016-02-24T15:39:06.000Z",
|
|
"description": "2014 C2 IP",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '112.175.69.60']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdce9a-14a8-44df-af72-975b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:06.000Z",
|
|
"modified": "2016-02-24T15:39:06.000Z",
|
|
"description": "2014 C2 IP",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '112.175.69.89']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdceb8-7850-4383-a008-4f89950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:36.000Z",
|
|
"modified": "2016-02-24T15:39:36.000Z",
|
|
"description": "2014 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'b3fk.sfcorporation.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdceb9-0afc-4d39-b11e-441b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:37.000Z",
|
|
"modified": "2016-02-24T15:39:37.000Z",
|
|
"description": "2014 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'bdt.wordoscorp.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdceb9-0a00-4d54-9a3e-4153950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:37.000Z",
|
|
"modified": "2016-02-24T15:39:37.000Z",
|
|
"description": "2014 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'blog.sfcorporation.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdceb9-ccf8-45c5-837c-4a64950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:37.000Z",
|
|
"modified": "2016-02-24T15:39:37.000Z",
|
|
"description": "2014 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'bygs.sfcorporation.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdceba-b508-4afd-aab5-49d9950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:38.000Z",
|
|
"modified": "2016-02-24T15:39:38.000Z",
|
|
"description": "2014 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'cbgs.sfcorporation.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdceba-f81c-4665-975d-49b4950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:38.000Z",
|
|
"modified": "2016-02-24T15:39:38.000Z",
|
|
"description": "2014 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'cdic.sfcorporation.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdceba-850c-41b4-b25c-458a950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:38.000Z",
|
|
"modified": "2016-02-24T15:39:38.000Z",
|
|
"description": "2014 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'd2ch.sfcorporation.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcebb-62bc-4e8e-8e6d-4311950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:39.000Z",
|
|
"modified": "2016-02-24T15:39:39.000Z",
|
|
"description": "2014 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'dgfk.sfcorporation.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcebb-e940-4486-afa6-4e48950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:39.000Z",
|
|
"modified": "2016-02-24T15:39:39.000Z",
|
|
"description": "2014 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'guhk.moviestops.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcebb-768c-4244-bb8e-4e1a950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:39.000Z",
|
|
"modified": "2016-02-24T15:39:39.000Z",
|
|
"description": "2014 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'hglg.wordoscorp.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcebc-7934-496a-9062-4b8f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:40.000Z",
|
|
"modified": "2016-02-24T15:39:40.000Z",
|
|
"description": "2014 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'hjxt.sfcorporation.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcebc-f828-41fb-9f66-4c63950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:40.000Z",
|
|
"modified": "2016-02-24T15:39:40.000Z",
|
|
"description": "2014 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'home.sfcorporation.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcebc-7154-4e7c-bc56-4653950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:40.000Z",
|
|
"modified": "2016-02-24T15:39:40.000Z",
|
|
"description": "2014 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'hsy.moviestops.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcebd-3fb0-487d-a39b-4279950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:41.000Z",
|
|
"modified": "2016-02-24T15:39:41.000Z",
|
|
"description": "2014 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'image.amazonwikis.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcebd-7fdc-4e3c-9332-437f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:41.000Z",
|
|
"modified": "2016-02-24T15:39:41.000Z",
|
|
"description": "2014 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'jggs.sfcorporation.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcebd-b240-4161-bca7-4d65950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:41.000Z",
|
|
"modified": "2016-02-24T15:39:41.000Z",
|
|
"description": "2014 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'jrfw.amazonwikis.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcebe-b388-467b-903d-49f4950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:42.000Z",
|
|
"modified": "2016-02-24T15:39:42.000Z",
|
|
"description": "2014 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'jrgs.sfcorporation.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcebe-381c-4362-8ead-4538950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:42.000Z",
|
|
"modified": "2016-02-24T15:39:42.000Z",
|
|
"description": "2014 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'movie.sfcorporation.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcebe-2f60-45ec-8e7a-4487950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:42.000Z",
|
|
"modified": "2016-02-24T15:39:42.000Z",
|
|
"description": "2014 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'music.sfcorporation.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcebf-3504-44d9-969f-463c950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:43.000Z",
|
|
"modified": "2016-02-24T15:39:43.000Z",
|
|
"description": "2014 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'news.elecarrow.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcebf-09fc-49f9-ab0f-42be950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:43.000Z",
|
|
"modified": "2016-02-24T15:39:43.000Z",
|
|
"description": "2014 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'pic.glkjcorp.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcebf-59c4-4f46-a278-457f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:43.000Z",
|
|
"modified": "2016-02-24T15:39:43.000Z",
|
|
"description": "2014 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'pics.adobeus.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcec0-de54-4d69-ab6d-4f28950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:44.000Z",
|
|
"modified": "2016-02-24T15:39:44.000Z",
|
|
"description": "2014 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'pics.amazonwikis.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcec0-599c-4de9-81d6-4cc4950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:44.000Z",
|
|
"modified": "2016-02-24T15:39:44.000Z",
|
|
"description": "2014 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'ruag.amazonwikis.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcec0-54c8-48d5-abfe-4af3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:44.000Z",
|
|
"modified": "2016-02-24T15:39:44.000Z",
|
|
"description": "2014 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'sgad.sfcorporation.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcec1-18e0-4f63-9b79-4d20950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:45.000Z",
|
|
"modified": "2016-02-24T15:39:45.000Z",
|
|
"description": "2014 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'smgs.amazonwikis.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcec1-84a8-4509-affd-4e99950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:45.000Z",
|
|
"modified": "2016-02-24T15:39:45.000Z",
|
|
"description": "2014 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'sport.sfcorporation.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcec1-d424-4b79-a414-4c8f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:45.000Z",
|
|
"modified": "2016-02-24T15:39:45.000Z",
|
|
"description": "2014 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'ssl.sfcorporation.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcec2-ef9c-4023-999c-4ebc950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:46.000Z",
|
|
"modified": "2016-02-24T15:39:46.000Z",
|
|
"description": "2014 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'tdfg.moviestops.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcec2-9288-4cf5-8fe3-4d68950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:46.000Z",
|
|
"modified": "2016-02-24T15:39:46.000Z",
|
|
"description": "2014 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'tqsj.sfcorporation.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcec2-3e30-4c7e-8c05-4a3f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:46.000Z",
|
|
"modified": "2016-02-24T15:39:46.000Z",
|
|
"description": "2014 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'tzcl.sfcorporation.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcec3-e794-4952-9bb9-4f36950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:47.000Z",
|
|
"modified": "2016-02-24T15:39:47.000Z",
|
|
"description": "2014 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'uworks.sfcorporation.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcec3-cd84-4c8d-9ef9-4c45950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:47.000Z",
|
|
"modified": "2016-02-24T15:39:47.000Z",
|
|
"description": "2014 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'video.sfcorporation.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcec3-3aa4-40b9-aa4a-46a3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:47.000Z",
|
|
"modified": "2016-02-24T15:39:47.000Z",
|
|
"description": "2014 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'vod.sfcorporation.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcec3-3964-422e-9227-48dd950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:47.000Z",
|
|
"modified": "2016-02-24T15:39:47.000Z",
|
|
"description": "2014 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'wbjs.sfcorporation.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcec4-0d9c-427a-86a3-4ca0950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:48.000Z",
|
|
"modified": "2016-02-24T15:39:48.000Z",
|
|
"description": "2014 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'web.sfcorporation.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcec4-5400-4c27-9f22-400a950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:48.000Z",
|
|
"modified": "2016-02-24T15:39:48.000Z",
|
|
"description": "2014 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'wed.amazonwikis.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcec4-ec98-435d-9e4d-4cbf950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:48.000Z",
|
|
"modified": "2016-02-24T15:39:48.000Z",
|
|
"description": "2014 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'xjgs.sfcorporation.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcec5-36ac-4a9d-950c-4979950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:49.000Z",
|
|
"modified": "2016-02-24T15:39:49.000Z",
|
|
"description": "2014 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'xkgs.sfcorporation.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcec5-9c10-4497-a096-4b17950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:39:49.000Z",
|
|
"modified": "2016-02-24T15:39:49.000Z",
|
|
"description": "2014 C2 hostnames",
|
|
"pattern": "[domain-name:value = 'ygfk.sfcorporation.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:39:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcedd-467c-44a5-b22e-4b5c950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:40:13.000Z",
|
|
"modified": "2016-02-24T15:40:13.000Z",
|
|
"description": "2015 C2 IP",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '113.10.139.218']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:40:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcedd-a7d0-4240-9a68-440c950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:40:13.000Z",
|
|
"modified": "2016-02-24T15:40:13.000Z",
|
|
"description": "2015 C2 IP",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '118.193.163.143']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:40:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcede-6030-4bd8-8ae6-4bf2950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:40:14.000Z",
|
|
"modified": "2016-02-24T15:40:14.000Z",
|
|
"description": "2015 C2 IP",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '210.209.117.148']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:40:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcede-3c88-4b52-a7bd-431e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:40:14.000Z",
|
|
"modified": "2016-02-24T15:40:14.000Z",
|
|
"description": "2015 C2 IP",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '118.99.37.87']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:40:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcefa-ecf0-43bb-a1e9-c31b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:40:42.000Z",
|
|
"modified": "2016-02-24T15:40:42.000Z",
|
|
"description": "2015 C2 Hostnames",
|
|
"pattern": "[domain-name:value = 'ekzy.gmnspace.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:40:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcefb-6bcc-4912-913c-c31b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:40:43.000Z",
|
|
"modified": "2016-02-24T15:40:43.000Z",
|
|
"description": "2015 C2 Hostnames",
|
|
"pattern": "[domain-name:value = 'hsjs.wordoscorp.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:40:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcefb-7624-4026-9d73-c31b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:40:43.000Z",
|
|
"modified": "2016-02-24T15:40:43.000Z",
|
|
"description": "2015 C2 Hostnames",
|
|
"pattern": "[domain-name:value = 'jnhs.tomshardpc.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:40:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcefb-d588-461a-a3a7-c31b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:40:43.000Z",
|
|
"modified": "2016-02-24T15:40:43.000Z",
|
|
"description": "2015 C2 Hostnames",
|
|
"pattern": "[domain-name:value = 'rjby.tomshardpc.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:40:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcefb-d230-42b2-8512-c31b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:40:43.000Z",
|
|
"modified": "2016-02-24T15:40:43.000Z",
|
|
"description": "2015 C2 Hostnames",
|
|
"pattern": "[domain-name:value = 'rjjh.wordoscorp.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:40:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcefc-fe08-4a47-8d6f-c31b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:40:44.000Z",
|
|
"modified": "2016-02-24T15:40:44.000Z",
|
|
"description": "2015 C2 Hostnames",
|
|
"pattern": "[domain-name:value = 'ssl.exemail.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:40:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcefc-0920-495e-96d1-c31b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:40:44.000Z",
|
|
"modified": "2016-02-24T15:40:44.000Z",
|
|
"description": "2015 C2 Hostnames",
|
|
"pattern": "[domain-name:value = 'tzz.exemail.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:40:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcefc-f3f4-4e3f-8c0d-c31b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:40:44.000Z",
|
|
"modified": "2016-02-24T15:40:44.000Z",
|
|
"description": "2015 C2 Hostnames",
|
|
"pattern": "[domain-name:value = 'up.adobekr.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:40:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcefc-aa20-4222-91d6-c31b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:40:44.000Z",
|
|
"modified": "2016-02-24T15:40:44.000Z",
|
|
"description": "2015 C2 Hostnames",
|
|
"pattern": "[domain-name:value = 'v.exemail.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:40:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcefd-5080-4251-9a34-c31b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:40:45.000Z",
|
|
"modified": "2016-02-24T15:40:45.000Z",
|
|
"description": "2015 C2 Hostnames",
|
|
"pattern": "[domain-name:value = 'wih365.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:40:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcefd-bf28-41c0-93d8-c31b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:40:45.000Z",
|
|
"modified": "2016-02-24T15:40:45.000Z",
|
|
"description": "2015 C2 Hostnames",
|
|
"pattern": "[domain-name:value = 'yqby.wordoscorp.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:40:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcefd-e010-4e52-b458-c31b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:40:45.000Z",
|
|
"modified": "2016-02-24T15:40:45.000Z",
|
|
"description": "2015 C2 Hostnames",
|
|
"pattern": "[domain-name:value = 'zpgx.tomshardpc.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:40:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfbb-ec9c-4b0c-adc4-44f6950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:43:55.000Z",
|
|
"modified": "2016-02-24T15:43:55.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = '10kjd.amazonwikis.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:43:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfbb-eda8-4580-b2cd-4603950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:43:55.000Z",
|
|
"modified": "2016-02-24T15:43:55.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = '1stone.zapto.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:43:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfbc-6974-4a8c-a3ca-4cb1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:43:56.000Z",
|
|
"modified": "2016-02-24T15:43:56.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'adobeus.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:43:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfbc-dcbc-4f64-bcd1-4149950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:43:56.000Z",
|
|
"modified": "2016-02-24T15:43:56.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'amazonwikis.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:43:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfbc-034c-4a00-abc7-41f7950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:43:56.000Z",
|
|
"modified": "2016-02-24T15:43:56.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'aqyj.tomshardpc.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:43:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfbd-3bbc-4f37-8a82-444f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:43:57.000Z",
|
|
"modified": "2016-02-24T15:43:57.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'bdgs.amazonwikis.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:43:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfbd-b728-4907-8e3e-4a57950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:43:57.000Z",
|
|
"modified": "2016-02-24T15:43:57.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'blog.adobeus.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:43:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfbd-fb84-407a-af27-48ce950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:43:57.000Z",
|
|
"modified": "2016-02-24T15:43:57.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'blog.amazonwikis.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:43:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfbe-ec50-4e14-8fda-400f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:43:58.000Z",
|
|
"modified": "2016-02-24T15:43:58.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'blog.wih365.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:43:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfbe-9d74-4dbb-919e-410f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:43:58.000Z",
|
|
"modified": "2016-02-24T15:43:58.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'bybf.amazonwikis.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:43:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfbe-7194-4d64-87d6-4757950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:43:58.000Z",
|
|
"modified": "2016-02-24T15:43:58.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'cxks.amazonwikis.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:43:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfbf-d584-401a-95ac-4d2a950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:43:59.000Z",
|
|
"modified": "2016-02-24T15:43:59.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'dghk.sfcorporation.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:43:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfbf-cea0-4e6d-9452-44a0950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:43:59.000Z",
|
|
"modified": "2016-02-24T15:43:59.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'down.adobeus.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:43:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfbf-9bdc-430c-a34d-4dcf950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:43:59.000Z",
|
|
"modified": "2016-02-24T15:43:59.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'elecarrow.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:43:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfc0-efa4-49a9-9ac5-4f75950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:00.000Z",
|
|
"modified": "2016-02-24T15:44:00.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'exemail.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfc0-7b50-427c-9334-4fd5950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:00.000Z",
|
|
"modified": "2016-02-24T15:44:00.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'flash.adobeus.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfc0-0bac-4705-a758-4c8b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:00.000Z",
|
|
"modified": "2016-02-24T15:44:00.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'fngs.adobeus.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfc1-3808-49c6-aeb8-4732950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:01.000Z",
|
|
"modified": "2016-02-24T15:44:01.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'fsw.adobeus.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfc1-f1a0-4593-ade5-46e5950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:01.000Z",
|
|
"modified": "2016-02-24T15:44:01.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'ghlc.adobeus.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfc1-e39c-4c96-9aea-4768950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:01.000Z",
|
|
"modified": "2016-02-24T15:44:01.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'glkjcorp.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfc2-19d4-434a-ba21-4cfb950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:02.000Z",
|
|
"modified": "2016-02-24T15:44:02.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'gmnspace.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfc2-a878-43d2-bbcd-4213950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:02.000Z",
|
|
"modified": "2016-02-24T15:44:02.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'hkabinc.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfc2-ed44-473c-bbc2-41da950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:02.000Z",
|
|
"modified": "2016-02-24T15:44:02.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'hkmj.amazonwikis.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfc3-0354-4c47-a163-4172950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:03.000Z",
|
|
"modified": "2016-02-24T15:44:03.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'iccbhhjdgb.adobeus.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfc3-e9e4-4293-831c-40f5950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:03.000Z",
|
|
"modified": "2016-02-24T15:44:03.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'image.hkabinc.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfc3-a4a4-4abd-8d27-485c950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:03.000Z",
|
|
"modified": "2016-02-24T15:44:03.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'js.amazonwikis.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfc3-1578-4f9a-aeed-49b4950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:03.000Z",
|
|
"modified": "2016-02-24T15:44:03.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'js.exemail.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfc4-a64c-44a7-acac-416a950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:04.000Z",
|
|
"modified": "2016-02-24T15:44:04.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'kj.uuvod.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfc4-6410-4be4-b5cc-446f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:04.000Z",
|
|
"modified": "2016-02-24T15:44:04.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'krgt.tomshardpc.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfc4-ad78-4b92-8c4a-4f57950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:04.000Z",
|
|
"modified": "2016-02-24T15:44:04.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'lhbf.adobeus.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfc5-319c-4707-8c75-45d3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:05.000Z",
|
|
"modified": "2016-02-24T15:44:05.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'login.adobekr.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfc5-8cd8-4d1a-84b6-4aa9950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:05.000Z",
|
|
"modified": "2016-02-24T15:44:05.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'login.wih365.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfc5-1598-4ec5-950b-4eeb950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:05.000Z",
|
|
"modified": "2016-02-24T15:44:05.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'microbing.oicp.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfc6-999c-4aec-a7e0-45e8950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:06.000Z",
|
|
"modified": "2016-02-24T15:44:06.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'mobile.yqby.wordoscorp.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfc6-1084-4b7a-b099-414a950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:06.000Z",
|
|
"modified": "2016-02-24T15:44:06.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'moviestops.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfc6-10f4-416e-bbf7-404a950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:06.000Z",
|
|
"modified": "2016-02-24T15:44:06.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'net.amazonwikis.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfc6-ec8c-45e3-ac60-4933950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:06.000Z",
|
|
"modified": "2016-02-24T15:44:06.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'news.amazonwikis.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfc7-fea4-4cb0-8473-4c70950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:07.000Z",
|
|
"modified": "2016-02-24T15:44:07.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'pic.hkabinc.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfc7-7a94-41fd-8dd4-45a3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:07.000Z",
|
|
"modified": "2016-02-24T15:44:07.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'projectscorp.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfc7-8854-4472-8d47-48fe950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:07.000Z",
|
|
"modified": "2016-02-24T15:44:07.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'rbxr.tomshardpc.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfc8-67d4-42dd-9fdf-4da0950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:08.000Z",
|
|
"modified": "2016-02-24T15:44:08.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'rmax.amazonwikis.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfc8-1720-4a2c-bbc0-49c5950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:08.000Z",
|
|
"modified": "2016-02-24T15:44:08.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'sane.adobeus.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfc8-4900-4d4e-85ba-4588950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:08.000Z",
|
|
"modified": "2016-02-24T15:44:08.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'sfcorporation.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfc8-a0ac-46d2-a29c-4054950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:08.000Z",
|
|
"modified": "2016-02-24T15:44:08.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'showjiao.imzone.in']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfc9-c788-42c0-9619-4249950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:09.000Z",
|
|
"modified": "2016-02-24T15:44:09.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'showshow.7766.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfc9-c5f8-49f2-b54a-4327950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:09.000Z",
|
|
"modified": "2016-02-24T15:44:09.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'ssl.elecarrow.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfc9-edc4-4000-a26d-4807950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:09.000Z",
|
|
"modified": "2016-02-24T15:44:09.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'sslmails.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfca-fce4-44af-ba05-4b87950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:10.000Z",
|
|
"modified": "2016-02-24T15:44:10.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'sybf.adobeus.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfca-d8bc-4452-a933-47dd950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:10.000Z",
|
|
"modified": "2016-02-24T15:44:10.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'tcgs.adobeus.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfca-7084-46c3-b21b-4f3e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:10.000Z",
|
|
"modified": "2016-02-24T15:44:10.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'tech.amazonwikis.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfca-d2d8-4dbc-9765-4084950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:10.000Z",
|
|
"modified": "2016-02-24T15:44:10.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'test.uuvod.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfcb-db14-4d00-96d0-494b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:11.000Z",
|
|
"modified": "2016-02-24T15:44:11.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'tomshardpc.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfcb-e920-4e6a-a816-40be950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:11.000Z",
|
|
"modified": "2016-02-24T15:44:11.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'update.adobeus.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfcb-8594-4fed-8004-44c7950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:11.000Z",
|
|
"modified": "2016-02-24T15:44:11.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'vod.amazonwikis.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfcb-0840-490e-acdd-4404950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:11.000Z",
|
|
"modified": "2016-02-24T15:44:11.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'vpntemp.3322.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfcc-ad88-40cf-9bda-4221950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:12.000Z",
|
|
"modified": "2016-02-24T15:44:12.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'wordoscorp.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfcc-501c-4c29-abb9-47e4950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:12.000Z",
|
|
"modified": "2016-02-24T15:44:12.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'www.adobeus.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfcc-ca0c-423e-b374-4592950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:12.000Z",
|
|
"modified": "2016-02-24T15:44:12.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'www.projectscorp.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfcc-71e8-4c07-9fc3-47e1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:12.000Z",
|
|
"modified": "2016-02-24T15:44:12.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'www.wih365.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfcd-f358-482f-9f1d-499b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:13.000Z",
|
|
"modified": "2016-02-24T15:44:13.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'xrgt.tomshardpc.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfcd-86e8-46c9-bf95-478b950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:13.000Z",
|
|
"modified": "2016-02-24T15:44:13.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'xrgt.wordoscorp.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfce-fbac-4866-aeba-46f1950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:13.000Z",
|
|
"modified": "2016-02-24T15:44:13.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'yjbf.amazonwikis.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfce-485c-4527-8066-4066950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:14.000Z",
|
|
"modified": "2016-02-24T15:44:14.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'yjxy.sfcorporation.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfce-9780-4337-bb21-4dd8950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:14.000Z",
|
|
"modified": "2016-02-24T15:44:14.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'zdzl.sfcorporation.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfcf-3540-41e2-9e88-4eb2950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:15.000Z",
|
|
"modified": "2016-02-24T15:44:15.000Z",
|
|
"description": "C2 hostnames",
|
|
"pattern": "[domain-name:value = 'ziper.imbbs.in']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfe0-0db0-4469-b722-ff01950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:32.000Z",
|
|
"modified": "2016-02-24T15:44:32.000Z",
|
|
"description": "C2 IP",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '111.67.199.222']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfe0-87ec-45d2-b22a-ff01950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:32.000Z",
|
|
"modified": "2016-02-24T15:44:32.000Z",
|
|
"description": "C2 IP",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '116.255.131.152']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfe0-3324-404e-9184-ff01950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:32.000Z",
|
|
"modified": "2016-02-24T15:44:32.000Z",
|
|
"description": "C2 IP",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '210.105.192.3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfe1-bb80-4402-aa5b-ff01950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:33.000Z",
|
|
"modified": "2016-02-24T15:44:33.000Z",
|
|
"description": "C2 IP",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '211.22.125.58']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfe1-b4a0-4d2b-aa55-ff01950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:33.000Z",
|
|
"modified": "2016-02-24T15:44:33.000Z",
|
|
"description": "C2 IP",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '59.188.13.133']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56cdcfe1-5a24-4191-a499-ff01950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-24T15:44:33.000Z",
|
|
"modified": "2016-02-24T15:44:33.000Z",
|
|
"description": "C2 IP",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '59.188.13.137']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-24T15:44:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--56d3cf5c-a42c-4928-af4a-47f102de0b81",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-29T04:55:56.000Z",
|
|
"modified": "2016-02-29T04:55:56.000Z",
|
|
"first_observed": "2016-02-29T04:55:56Z",
|
|
"last_observed": "2016-02-29T04:55:56Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--56d3cf5c-a42c-4928-af4a-47f102de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--56d3cf5c-a42c-4928-af4a-47f102de0b81",
|
|
"value": "https://github.com/Yara-Rules/rules/blob/master/malware/Operation_Dust_storm.yar"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |