misp-circl-feed/feeds/circl/misp/5af14dc2-e6fc-41be-a917-865d950d210f.json


{
"type": "bundle",
"id": "bundle--5af14dc2-e6fc-41be-a917-865d950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-09-24T08:43:32.000Z",
"modified": "2018-09-24T08:43:32.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "grouping",
"spec_version": "2.1",
"id": "grouping--5af14dc2-e6fc-41be-a917-865d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-09-24T08:43:32.000Z",
"modified": "2018-09-24T08:43:32.000Z",
"name": "OSINT - Malicious Documents Targeting Security Professionals",
"context": "suspicious-activity",
"object_refs": [
"observed-data--5af14e94-9914-4907-b0fe-86a0950d210f",
"url--5af14e94-9914-4907-b0fe-86a0950d210f",
"x-misp-attribute--5af19b99-e94c-4553-8161-4273950d210f",
"indicator--5af19a71-83f8-4b1d-a40a-474a950d210f",
"indicator--5af19a70-3148-49a0-a827-4f48950d210f",
"indicator--5af19a70-2078-4023-9df3-4ac7950d210f",
"indicator--5af19a70-2a3c-456c-9960-4241950d210f",
"indicator--5af19a6f-fd10-4266-b7d6-4c3c950d210f",
"indicator--5af19a6f-e62c-425c-a2f8-4873950d210f",
"indicator--5af19a6e-5498-42df-b551-40cd950d210f",
"indicator--5af19a6e-6540-41da-8bad-43b8950d210f",
"indicator--5af19a6d-8f4c-4bbb-8e2a-411a950d210f",
"indicator--5af19a6d-5c48-4ee1-83ad-43bb950d210f",
"indicator--5af19a6c-49cc-4ec7-a001-4b81950d210f",
"indicator--5af19a6c-0180-4082-a38a-43eb950d210f",
"indicator--5af19a6c-9c20-42c3-8068-4531950d210f",
"indicator--5af19a6b-043c-446b-b689-4f22950d210f",
"indicator--5af19a6b-1e40-41b1-9eab-409f950d210f",
"indicator--5af19a6a-4adc-4e8d-b17f-4443950d210f",
"indicator--5af19a6a-7868-4680-b1f4-42f7950d210f",
"indicator--5af19a6a-931c-49f2-a751-4fd5950d210f",
"indicator--5af19a69-0ae0-4e62-8641-4ab3950d210f",
"indicator--5af19a69-7294-47e3-b9f7-49f7950d210f",
"indicator--5af19a68-1acc-473c-913c-4ad9950d210f",
"indicator--5af19a68-4948-4be3-b110-4037950d210f",
"indicator--5af19a68-ab70-472f-9767-466c950d210f",
"indicator--5af19a67-84fc-406c-8f62-4f8b950d210f",
"indicator--5af19a67-a17c-4c26-8311-435a950d210f",
"indicator--5af19a66-9c64-4813-8edb-46fb950d210f",
"indicator--5af19a66-58a0-4c24-8b76-43cc950d210f",
"indicator--5af19a66-62bc-42e3-9963-40a1950d210f",
"indicator--5af19a65-51e8-4408-9455-4f56950d210f",
"indicator--5af19a65-68f0-4291-b9d8-4157950d210f",
"indicator--5af19a64-682c-4b97-a62b-458b950d210f",
"indicator--5af19a64-d5e0-4675-9dda-426d950d210f",
"indicator--5af19a64-054c-49d7-a3fe-4559950d210f",
"indicator--5af19a63-f814-405d-8d73-4470950d210f",
"indicator--5af19a63-f0d8-4576-90d9-4d5d950d210f",
"indicator--5af19a62-58e0-4b68-a495-4718950d210f",
"indicator--5af19a62-3544-4c09-810c-40e2950d210f",
"indicator--5af19a62-3f68-4337-915d-45c8950d210f",
"indicator--5af19a61-dbac-4eef-87e3-461b950d210f",
"indicator--5af19a60-446c-4ca8-9ff8-4232950d210f",
"indicator--5af19a5f-246c-4f93-8b55-4121950d210f",
"indicator--5af19a5f-fcf4-4915-b11d-4a1f950d210f",
"indicator--5af19a5f-9e70-48d0-abfb-4df5950d210f",
"indicator--5af19a5e-0e20-4e33-9a94-405c950d210f",
"indicator--5af19a5e-6b84-4031-8012-43c7950d210f",
"indicator--5af19a5d-01c0-4ed9-9b6d-4493950d210f",
"indicator--5af19a5d-999c-4530-9b17-4c88950d210f",
"indicator--5af19a5c-a474-4a26-8cc0-4666950d210f",
"indicator--5af19a5c-9cb4-4fbd-9981-4b68950d210f",
"indicator--5af19a5b-4044-4cf8-a777-46b3950d210f",
"indicator--5af19b1d-a4b4-4ceb-8f5d-4d23950d210f",
"indicator--5af19b2f-11f0-400f-a7c0-4d86950d210f",
"indicator--5af19b44-a0ac-4250-b880-4b8b950d210f",
"indicator--5af19b54-e774-4814-9e53-4631950d210f",
"indicator--5af19b65-88d4-4364-b0e2-473f950d210f",
"indicator--b2f4c01b-8691-431e-95ef-0f5c5e6d9cef",
"x-misp-object--6dcce3e6-fc8f-4baa-971e-d34c306859d6",
"indicator--35bebeb6-e3a6-49e9-a792-e27c8bd58680",
"x-misp-object--471ea070-b931-49b8-84f1-3aa17142616e",
"indicator--8caa1fad-a8c8-4a0b-9018-713c9b43f2ab",
"x-misp-object--19df72d9-0e07-4e64-b85a-a67e7cbd5461",
"indicator--3afb1d2d-918f-4ee3-8883-a746fcefb16c",
"x-misp-object--56fe1a5a-c8af-4c8d-9d1c-cd8d1d923330",
"indicator--17ef59e9-90d1-419f-8e13-876d80929841",
"x-misp-object--d4a9873f-1361-4dca-86f4-46145a25efde",
"relationship--e68801a5-0437-47a6-8706-371b4bb781e4",
"relationship--b76216fe-abb1-4cbd-8ebd-d9e89cf84198",
"relationship--48742284-af3f-40cb-b7e9-b02ad8d0ba3c",
"relationship--701d1687-547d-44b5-93e0-2e93f0ed7e0b",
"relationship--95b33e7a-e47c-466e-853d-1defe4de16dc"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"admiralty-scale:information-credibility=\"4\"",
"estimative-language:confidence-in-analytic-judgment=\"low\"",
"misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT28\"",
"misp-galaxy:microsoft-activity-group=\"STRONTIUM\"",
"misp-galaxy:mitre-mobile-attack-intrusion-set=\"APT28 - G0007\"",
"misp-galaxy:threat-actor=\"Sofacy\"",
"osint:source-type=\"blog-post\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5af14e94-9914-4907-b0fe-86a0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:39.000Z",
"modified": "2018-05-08T12:50:39.000Z",
"first_observed": "2018-05-08T12:50:39Z",
"last_observed": "2018-05-08T12:50:39Z",
"number_observed": 1,
"object_refs": [
"url--5af14e94-9914-4907-b0fe-86a0950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5af14e94-9914-4907-b0fe-86a0950d210f",
"value": "https://www.jigsawsecurityenterprise.com/single-post/2017/11/01/Malicious-Documents-Targeting-Security-Professionals"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5af19b99-e94c-4553-8161-4273950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:39.000Z",
"modified": "2018-05-08T12:50:39.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Cisco Talos discovered a new malicious campaign from the well known actor Group 74 (aka Tsar Team, Sofacy, APT28, Fancy Bear\u2026). Ironically the decoy document is a flyer concerning the Cyber Conflict U.S. conference organized by the NATO Cooperative Cyber Defence Centre of Excellence on 7-8 November 2017 at Washington, D.C. Due to the nature of this document, we assume that this campaign targets people with an interest in cyber security. Unlike previous campaigns from this actor, the flyer does not contain an Office exploit or a 0-day, it simply contains a malicious Visual Basic for Applications (VBA) macro."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a71-83f8-4b1d-a40a-474a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:40.000Z",
"modified": "2018-05-08T12:50:40.000Z",
"pattern": "[domain-name:value = 'www.sdhjjekfp4k.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a70-3148-49a0-a827-4f48950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:40.000Z",
"modified": "2018-05-08T12:50:40.000Z",
"pattern": "[domain-name:value = 'www.cdnmsnupdate.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a70-2078-4023-9df3-4ac7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:41.000Z",
"modified": "2018-05-08T12:50:41.000Z",
"pattern": "[domain-name:value = 'www.adobeproduct.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a70-2a3c-456c-9960-4241950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:41.000Z",
"modified": "2018-05-08T12:50:41.000Z",
"pattern": "[domain-name:value = 'windows81.duckdns.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a6f-fd10-4266-b7d6-4c3c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:41.000Z",
"modified": "2018-05-08T12:50:41.000Z",
"pattern": "[domain-name:value = 'windows.mswordupdate17.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a6f-e62c-425c-a2f8-4873950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:42.000Z",
"modified": "2018-05-08T12:50:42.000Z",
"pattern": "[domain-name:value = 'w9umi9wrvzsvlvstvfvslbumdfdvda5tl.1.d.255.adobeproduct.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a6e-5498-42df-b551-40cd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:42.000Z",
"modified": "2018-05-08T12:50:42.000Z",
"pattern": "[domain-name:value = 'vascothreatscan.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a6e-6540-41da-8bad-43b8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:43.000Z",
"modified": "2018-05-08T12:50:43.000Z",
"pattern": "[domain-name:value = 'sinkhole.tigersecurity.pro']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a6d-8f4c-4bbb-8e2a-411a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:43.000Z",
"modified": "2018-05-08T12:50:43.000Z",
"pattern": "[domain-name:value = 'runssnetworks.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a6d-5c48-4ee1-83ad-43bb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:43.000Z",
"modified": "2018-05-08T12:50:43.000Z",
"pattern": "[domain-name:value = 'protectingsearch.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a6c-49cc-4ec7-a001-4b81950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:44.000Z",
"modified": "2018-05-08T12:50:44.000Z",
"pattern": "[domain-name:value = 'peacefund.eu']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a6c-0180-4082-a38a-43eb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:44.000Z",
"modified": "2018-05-08T12:50:44.000Z",
"pattern": "[domain-name:value = 'ns3.cdnmsnupdate.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a6c-9c20-42c3-8068-4531950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:45.000Z",
"modified": "2018-05-08T12:50:45.000Z",
"pattern": "[domain-name:value = 'ns2.ntpupdateserver.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a6b-043c-446b-b689-4f22950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:45.000Z",
"modified": "2018-05-08T12:50:45.000Z",
"pattern": "[domain-name:value = 'ns2.cdnmsnupdate.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a6b-1e40-41b1-9eab-409f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:46.000Z",
"modified": "2018-05-08T12:50:46.000Z",
"pattern": "[domain-name:value = 'ns1.cdnmsnupdate.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a6a-4adc-4e8d-b17f-4443950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:46.000Z",
"modified": "2018-05-08T12:50:46.000Z",
"pattern": "[domain-name:value = 'networkschecker.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a6a-7868-4680-b1f4-42f7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:47.000Z",
"modified": "2018-05-08T12:50:47.000Z",
"pattern": "[domain-name:value = 'n.n.c.303ff7b225c14f1498a2.cdnmsnupdate.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a6a-931c-49f2-a751-4fd5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:47.000Z",
"modified": "2018-05-08T12:50:47.000Z",
"pattern": "[domain-name:value = 'n.n.c.26055.adobeproduct.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a69-0ae0-4e62-8641-4ab3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:47.000Z",
"modified": "2018-05-08T12:50:47.000Z",
"pattern": "[domain-name:value = 'n.n.c.255.adobeproduct.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a69-7294-47e3-b9f7-49f7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:48.000Z",
"modified": "2018-05-08T12:50:48.000Z",
"pattern": "[domain-name:value = 'n.3.f.255.adobeproduct.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a68-1acc-473c-913c-4ad9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:48.000Z",
"modified": "2018-05-08T12:50:48.000Z",
"pattern": "[domain-name:value = 'myinvestgroup.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a68-4948-4be3-b110-4037950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:49.000Z",
"modified": "2018-05-08T12:50:49.000Z",
"pattern": "[domain-name:value = 'msoffice-cdn.comns3.cdnmsnupdate.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a68-ab70-472f-9767-466c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:49.000Z",
"modified": "2018-05-08T12:50:49.000Z",
"pattern": "[domain-name:value = 'microsoftupdated.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a67-84fc-406c-8f62-4f8b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:50.000Z",
"modified": "2018-05-08T12:50:50.000Z",
"pattern": "[domain-name:value = 'maskulan.dynu.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a67-a17c-4c26-8311-435a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:50.000Z",
"modified": "2018-05-08T12:50:50.000Z",
"pattern": "[domain-name:value = 'maskulan.duckdns.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a66-9c64-4813-8edb-46fb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:51.000Z",
"modified": "2018-05-08T12:50:51.000Z",
"pattern": "[domain-name:value = 'jflynci.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a66-58a0-4c24-8b76-43cc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:51.000Z",
"modified": "2018-05-08T12:50:51.000Z",
"pattern": "[domain-name:value = 'jeremizo888.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a66-62bc-42e3-9963-40a1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:51.000Z",
"modified": "2018-05-08T12:50:51.000Z",
"pattern": "[domain-name:value = 'ip113.ip-91-134-203.eu']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a65-51e8-4408-9455-4f56950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:52.000Z",
"modified": "2018-05-08T12:50:52.000Z",
"pattern": "[domain-name:value = 'ikmtrust.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a65-68f0-4291-b9d8-4157950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:52.000Z",
"modified": "2018-05-08T12:50:52.000Z",
"pattern": "[domain-name:value = 'hhcghibvywzedwa2iyvsuzzhx8.2.d.255.adobeproduct.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a64-682c-4b97-a62b-458b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:53.000Z",
"modified": "2018-05-08T12:50:53.000Z",
"pattern": "[domain-name:value = 'googlea.net63.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a64-d5e0-4675-9dda-426d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:53.000Z",
"modified": "2018-05-08T12:50:53.000Z",
"pattern": "[domain-name:value = 'fsportal.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a64-054c-49d7-a3fe-4559950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:53.000Z",
"modified": "2018-05-08T12:50:53.000Z",
"pattern": "[domain-name:value = 'flashcontentdelivery.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a63-f814-405d-8d73-4470950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:54.000Z",
"modified": "2018-05-08T12:50:54.000Z",
"pattern": "[domain-name:value = 'faststoragefiles.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a63-f0d8-4576-90d9-4d5d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:54.000Z",
"modified": "2018-05-08T12:50:54.000Z",
"pattern": "[domain-name:value = 'fastfileconverter.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a62-58e0-4b68-a495-4718950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:55.000Z",
"modified": "2018-05-08T12:50:55.000Z",
"pattern": "[domain-name:value = 'elaxo.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a62-3544-4c09-810c-40e2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:55.000Z",
"modified": "2018-05-08T12:50:55.000Z",
"pattern": "[domain-name:value = 'd6261034c34.placehol-6f699a.c.mswordupdate17.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a62-3f68-4337-915d-45c8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:56.000Z",
"modified": "2018-05-08T12:50:56.000Z",
"pattern": "[domain-name:value = 'd6261024c34.placehol-6f699a.c.mswordupdate17.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a61-dbac-4eef-87e3-461b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:56.000Z",
"modified": "2018-05-08T12:50:56.000Z",
"pattern": "[domain-name:value = 'd6261013c34.placehol-6f699a.c.mswordupdate17.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a60-446c-4ca8-9ff8-4232950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:57.000Z",
"modified": "2018-05-08T12:50:57.000Z",
"pattern": "[domain-name:value = 'd6238210c34.placehol-6f699a.c.mswordupdate17.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a5f-246c-4f93-8b55-4121950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:57.000Z",
"modified": "2018-05-08T12:50:57.000Z",
"pattern": "[domain-name:value = 'd6238158c34.placehol-6f699a.c.mswordupdate17.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a5f-fcf4-4915-b11d-4a1f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:57.000Z",
"modified": "2018-05-08T12:50:57.000Z",
"pattern": "[domain-name:value = 'd6238111c34.placehol-6f699a.c.mswordupdate17.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a5f-9e70-48d0-abfb-4df5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:58.000Z",
"modified": "2018-05-08T12:50:58.000Z",
"pattern": "[domain-name:value = 'd6238051c34.placehol-6f699a.c.mswordupdate17.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a5e-0e20-4e33-9a94-405c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:58.000Z",
"modified": "2018-05-08T12:50:58.000Z",
"pattern": "[domain-name:value = 'd6231738c34.john-pc.c.mswordupdate17.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a5e-6b84-4031-8012-43c7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:59.000Z",
"modified": "2018-05-08T12:50:59.000Z",
"pattern": "[domain-name:value = 'carlos88.ddns.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a5d-01c0-4ed9-9b6d-4493950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:59.000Z",
"modified": "2018-05-08T12:50:59.000Z",
"pattern": "[domain-name:value = 'bonjourcheck.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a5d-999c-4530-9b17-4c88950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:50:59.000Z",
"modified": "2018-05-08T12:50:59.000Z",
"pattern": "[domain-name:value = 'ahr0cdovlzkyljiymi4ymdkundkvywn0a.0.d.255.adobeproduct.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:50:59Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a5c-a474-4a26-8cc0-4666950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:51:00.000Z",
"modified": "2018-05-08T12:51:00.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.134.203.113']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:51:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a5c-9cb4-4fbd-9981-4b68950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:51:00.000Z",
"modified": "2018-05-08T12:51:00.000Z",
"pattern": "[domain-name:value = '357.duckdns.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:51:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19a5b-4044-4cf8-a777-46b3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:51:01.000Z",
"modified": "2018-05-08T12:51:01.000Z",
"pattern": "[domain-name:value = '200200.duckdns.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:51:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19b1d-a4b4-4ceb-8f5d-4d23950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:42:05.000Z",
"modified": "2018-05-08T12:42:05.000Z",
"pattern": "[file:hashes.SHA256 = '522fd9b35323af55113455d823571f71332e53dde988c2eb41395cf6b0c15805' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:42:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19b2f-11f0-400f-a7c0-4d86950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:42:23.000Z",
"modified": "2018-05-08T12:42:23.000Z",
"pattern": "[file:hashes.SHA256 = 'c4be15f9ccfecf7a463f3b1d4a17e7b4f95de939e057662c3f97b52f7fa3c52f' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:42:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19b44-a0ac-4250-b880-4b8b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:42:44.000Z",
"modified": "2018-05-08T12:42:44.000Z",
"pattern": "[file:hashes.SHA256 = 'e5511b22245e26a003923ba476d7c36029939b2d1936e17a9b35b396467179ae' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:42:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19b54-e774-4814-9e53-4631950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:43:00.000Z",
"modified": "2018-05-08T12:43:00.000Z",
"pattern": "[file:hashes.SHA256 = 'ef027405492bc0719437eb58c3d2774cc87845f30c40040bbebbcc09a4e3dd18' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:43:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5af19b65-88d4-4364-b0e2-473f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:43:17.000Z",
"modified": "2018-05-08T12:43:17.000Z",
"pattern": "[file:hashes.SHA256 = 'efb235776851502672dba5ef45d96cc65cb9ebba1b49949393a6a85b9c822f52' AND file:x_misp_state = 'Malicious']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:43:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--b2f4c01b-8691-431e-95ef-0f5c5e6d9cef",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:51:04.000Z",
"modified": "2018-05-08T12:51:04.000Z",
"pattern": "[file:hashes.MD5 = '60bc999ff14ee2f359130d6c1375b033' AND file:hashes.SHA1 = '142f524121fe16e1c67031f12015be4adec42bb7' AND file:hashes.SHA256 = '522fd9b35323af55113455d823571f71332e53dde988c2eb41395cf6b0c15805']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:51:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--6dcce3e6-fc8f-4baa-971e-d34c306859d6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:51:03.000Z",
"modified": "2018-05-08T12:51:03.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/522fd9b35323af55113455d823571f71332e53dde988c2eb41395cf6b0c15805/analysis/1525212925/",
"category": "External analysis",
"uuid": "5af19d37-9f6c-4806-9332-476502de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "49/67",
"category": "Other",
"uuid": "5af19d37-72a0-4dc4-a527-474002de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-05-01 22:15:25",
"category": "Other",
"uuid": "5af19d37-43b0-48fb-b246-48b602de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--35bebeb6-e3a6-49e9-a792-e27c8bd58680",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:51:07.000Z",
"modified": "2018-05-08T12:51:07.000Z",
"pattern": "[file:hashes.MD5 = 'f52ea8f238e57e49bfae304bd656ad98' AND file:hashes.SHA1 = '169c8f3e3d22e192c108bc95164d362ce5437465' AND file:hashes.SHA256 = 'efb235776851502672dba5ef45d96cc65cb9ebba1b49949393a6a85b9c822f52']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:51:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--471ea070-b931-49b8-84f1-3aa17142616e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:51:05.000Z",
"modified": "2018-05-08T12:51:05.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/efb235776851502672dba5ef45d96cc65cb9ebba1b49949393a6a85b9c822f52/analysis/1525739034/",
"category": "External analysis",
"uuid": "5af19d39-9aa8-49a4-b505-44de02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "37/59",
"category": "Other",
"uuid": "5af19d39-b33c-4eaf-b9dd-4cd502de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-05-08 00:23:54",
"category": "Other",
"uuid": "5af19d39-4144-45f2-92ae-4c0202de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--8caa1fad-a8c8-4a0b-9018-713c9b43f2ab",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:51:09.000Z",
"modified": "2018-05-08T12:51:09.000Z",
"pattern": "[file:hashes.MD5 = '94b288154e3d0225f86bb3c012fa8d63' AND file:hashes.SHA1 = '4873bafe44cff06845faa0ce7c270c4ce3c9f7b9' AND file:hashes.SHA256 = 'e5511b22245e26a003923ba476d7c36029939b2d1936e17a9b35b396467179ae']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:51:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--19df72d9-0e07-4e64-b85a-a67e7cbd5461",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:51:07.000Z",
"modified": "2018-05-08T12:51:07.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/e5511b22245e26a003923ba476d7c36029939b2d1936e17a9b35b396467179ae/analysis/1525738483/",
"category": "External analysis",
"uuid": "5af19d3c-b5b4-4987-9f35-4dce02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "38/59",
"category": "Other",
"uuid": "5af19d3c-fcc8-4055-9b18-47e702de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-05-08 00:14:43",
"category": "Other",
"uuid": "5af19d3b-59d8-4a09-8ac8-488b02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--3afb1d2d-918f-4ee3-8883-a746fcefb16c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:51:11.000Z",
"modified": "2018-05-08T12:51:11.000Z",
"pattern": "[file:hashes.MD5 = 'fc7d4cde5d2266082966d80f5f1566b9' AND file:hashes.SHA1 = '8a68f26d01372114f660e32ac4c9117e5d0577f1' AND file:hashes.SHA256 = 'ef027405492bc0719437eb58c3d2774cc87845f30c40040bbebbcc09a4e3dd18']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:51:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--56fe1a5a-c8af-4c8d-9d1c-cd8d1d923330",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:51:10.000Z",
"modified": "2018-05-08T12:51:10.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/ef027405492bc0719437eb58c3d2774cc87845f30c40040bbebbcc09a4e3dd18/analysis/1525739124/",
"category": "External analysis",
"uuid": "5af19d3e-0e54-4b99-8f39-437f02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "49/67",
"category": "Other",
"uuid": "5af19d3e-1f50-4efc-afa7-437902de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-05-08 00:25:24",
"category": "Other",
"uuid": "5af19d3e-4af0-416d-ba8e-45ab02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--17ef59e9-90d1-419f-8e13-876d80929841",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:51:14.000Z",
"modified": "2018-05-08T12:51:14.000Z",
"pattern": "[file:hashes.MD5 = '085be1b8b8f3e90be00f6a3bcea2879f' AND file:hashes.SHA1 = 'cc7607015cd7a1a4452acd3d87adabdd7e005bd7' AND file:hashes.SHA256 = 'c4be15f9ccfecf7a463f3b1d4a17e7b4f95de939e057662c3f97b52f7fa3c52f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-05-08T12:51:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d4a9873f-1361-4dca-86f4-46145a25efde",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-05-08T12:51:12.000Z",
"modified": "2018-05-08T12:51:12.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/c4be15f9ccfecf7a463f3b1d4a17e7b4f95de939e057662c3f97b52f7fa3c52f/analysis/1525737660/",
"category": "External analysis",
"uuid": "5af19d40-d9e0-49c1-83a5-455602de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "31/60",
"category": "Other",
"uuid": "5af19d40-0110-49fa-8fbd-4c5502de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-05-08 00:01:00",
"category": "Other",
"uuid": "5af19d40-d024-4c29-8c9b-40c002de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--e68801a5-0437-47a6-8706-371b4bb781e4",
"created": "2018-05-08T12:51:13.000Z",
"modified": "2018-05-08T12:51:13.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--b2f4c01b-8691-431e-95ef-0f5c5e6d9cef",
"target_ref": "x-misp-object--6dcce3e6-fc8f-4baa-971e-d34c306859d6"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b76216fe-abb1-4cbd-8ebd-d9e89cf84198",
"created": "2018-05-08T12:51:13.000Z",
"modified": "2018-05-08T12:51:13.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--35bebeb6-e3a6-49e9-a792-e27c8bd58680",
"target_ref": "x-misp-object--471ea070-b931-49b8-84f1-3aa17142616e"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--48742284-af3f-40cb-b7e9-b02ad8d0ba3c",
"created": "2018-05-08T12:51:13.000Z",
"modified": "2018-05-08T12:51:13.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--8caa1fad-a8c8-4a0b-9018-713c9b43f2ab",
"target_ref": "x-misp-object--19df72d9-0e07-4e64-b85a-a67e7cbd5461"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--701d1687-547d-44b5-93e0-2e93f0ed7e0b",
"created": "2018-05-08T12:51:13.000Z",
"modified": "2018-05-08T12:51:13.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--3afb1d2d-918f-4ee3-8883-a746fcefb16c",
"target_ref": "x-misp-object--56fe1a5a-c8af-4c8d-9d1c-cd8d1d923330"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--95b33e7a-e47c-466e-853d-1defe4de16dc",
"created": "2018-05-08T12:51:13.000Z",
"modified": "2018-05-08T12:51:13.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--17ef59e9-90d1-419f-8e13-876d80929841",
"target_ref": "x-misp-object--d4a9873f-1361-4dca-86f4-46145a25efde"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}