adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/5de6335d-e128-4bc0-87e2-4db4950d210f.json

1520 lines
No EOL
65 KiB
JSON
Raw Blame History

{
"type": "bundle",
"id": "bundle--5de6335d-e128-4bc0-87e2-4db4950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-01-20T15:41:08.000Z",
"modified": "2020-01-20T15:41:08.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5de6335d-e128-4bc0-87e2-4db4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-01-20T15:41:08.000Z",
"modified": "2020-01-20T15:41:08.000Z",
"name": "OSINT - More than a Dozen Obfuscated APT33 Botnets Used for Extreme Narrow Targeting",
"published": "2020-01-20T15:58:34Z",
"object_refs": [
"observed-data--5de6382a-2234-43eb-bff9-4682950d210f",
"url--5de6382a-2234-43eb-bff9-4682950d210f",
"x-misp-attribute--5de64234-f680-4632-8685-4637950d210f",
"indicator--5de66ed7-e800-4ad9-b5b0-3e72950d210f",
"indicator--5de66ed7-5638-4021-91e9-3e72950d210f",
"indicator--5de66ed7-42b8-43e5-8e6e-3e72950d210f",
"indicator--5de66ed7-3438-48ee-973c-3e72950d210f",
"indicator--5de66ed7-8bec-4c8b-acb0-3e72950d210f",
"indicator--5de66ed7-9a94-4a54-815b-3e72950d210f",
"indicator--5de66ed7-8ae8-4c2b-8222-3e72950d210f",
"indicator--5de66ed7-0670-4133-b94e-3e72950d210f",
"indicator--5de66ed7-fd84-4e19-b86d-3e72950d210f",
"indicator--5de66ed7-1bcc-48fa-b76a-3e72950d210f",
"indicator--5de66ed7-3118-4d36-8eb9-3e72950d210f",
"indicator--5de6523d-de58-472f-9156-4d3e950d210f",
"observed-data--5de65459-590c-4181-98d5-4efa950d210f",
"email-message--5de65459-590c-4181-98d5-4efa950d210f",
"email-addr--5de65459-f94c-482e-b180-456c950d210f",
"observed-data--5de654b1-2f18-4646-9819-4f1b950d210f",
"email-message--5de654b1-2f18-4646-9819-4f1b950d210f",
"email-addr--5de654b2-3690-4be9-abf9-431b950d210f",
"observed-data--5de65f8c-c9d0-4a61-99e6-4c6e950d210f",
"email-message--5de65f8c-c9d0-4a61-99e6-4c6e950d210f",
"email-addr--5de65f8c-46b0-4f42-9c4a-48a0950d210f",
"observed-data--5de66884-3dac-4677-a9a7-226f950d210f",
"email-message--5de66884-3dac-4677-a9a7-226f950d210f",
"email-addr--5de66884-dbc4-4977-bbf5-226f950d210f",
"observed-data--5de668b6-6da0-4e21-a3ed-1e9a950d210f",
"email-message--5de668b6-6da0-4e21-a3ed-1e9a950d210f",
"email-addr--5de668b7-3984-4c0d-9f8e-1e9a950d210f",
"observed-data--5de66aa6-89f8-4ef4-9464-4ae2950d210f",
"email-message--5de66aa6-89f8-4ef4-9464-4ae2950d210f",
"email-addr--5de66aa7-f6e4-45b1-8346-4ae2950d210f",
"indicator--5de66b15-8000-4f4f-82f4-3e63950d210f",
"observed-data--5de66b98-18b4-4a53-924a-1179950d210f",
"email-message--5de66b98-18b4-4a53-924a-1179950d210f",
"email-addr--5de66b98-b8f0-4c32-bde2-1179950d210f",
"indicator--5de66bc8-ea38-4b6f-866b-3e74950d210f",
"observed-data--5de66be7-3a30-4ec6-b560-3e72950d210f",
"email-message--5de66be7-3a30-4ec6-b560-3e72950d210f",
"indicator--5de66e18-37bc-4d03-80a3-0458950d210f",
"indicator--5de66e3e-1334-4add-95d9-1bc6950d210f",
"indicator--5de66e5d-2724-41ec-8491-7ac9950d210f",
"indicator--c69e95e9-9f4a-47bd-9cca-df70112bf4ba",
"indicator--14ce7404-1d9e-489b-91c1-62bd49ac088a",
"indicator--33757eab-39f8-4dd3-bdc3-abe31bdb329e",
"indicator--dbf15608-73c3-4fdd-abec-cbd4abf42b9b",
"indicator--825ee3e8-ec27-47b1-93fd-800aac6cb009",
"indicator--286489c4-fc1a-4722-a1d2-0a2cef367629",
"indicator--0bdc7720-3ac3-40ae-bcc3-d6db34735dbd",
"indicator--c2fc02ff-1e36-4f10-8b9f-684ebdc9854b",
"indicator--043a1485-d6a4-45dc-b086-c3ff04371713",
"indicator--fbd5daea-0454-4809-9ce2-9b1bf3898953",
"indicator--54702d2c-5a8a-4a1f-8ab0-793464fc828f",
"indicator--2db4134a-4d62-4ebe-b3f1-6c1c15437ff8",
"indicator--4cf21017-f924-403b-ab8e-380573ea512e",
"indicator--94a30556-2476-4fd2-94d6-06a151831884",
"indicator--87d3ad19-a9e7-4e25-a695-ea5b4a1b8c5d",
"indicator--ee15f4bd-db1d-4297-a53b-9ab11ab65716",
"indicator--a846ef5e-c63a-4068-984b-8cdc38ef617b",
"indicator--1b6633ee-60c0-48fb-8b49-6fcc7d411309",
"indicator--c3feb2d0-0ebe-47e6-b0da-ad419ea6aee7",
"indicator--e0c182b5-2961-461b-bc17-36cc4ff11dc5",
"indicator--fd1343f2-286e-4036-b9a8-1adff8eb2479",
"indicator--e9693797-9115-4631-972d-7a8e0e3a1e9e",
"indicator--82666f1d-b22b-436e-979d-5d75e303e141",
"indicator--5ac505ff-4ea6-4dbd-8dd8-75a55c32741e",
"indicator--71915c2b-eb82-44d7-90d4-566307cca0a5",
"indicator--96669752-aadb-43b9-8c29-7ccec173980d",
"indicator--ad36a520-c695-43b7-8ad2-a7de2481e6da",
"indicator--62f6f45e-a6b4-4dd4-9d7f-3ffb6a7c194d",
"indicator--9cf77da3-bde0-4a41-874f-60c45953b1e0"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"\tmalware_classification:malware-category=\"Botnet\"",
"malware_classification:malware-category=\"Botnet\"",
"misp-galaxy:mitre-enterprise-attack-intrusion-set=\"APT33 - G0064\"",
"misp-galaxy:mitre-intrusion-set=\"APT33 - G0064\"",
"misp-galaxy:threat-actor=\"APT33\"",
"misp-galaxy:threat-actor=\"MAGNALLIUM\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5de6382a-2234-43eb-bff9-4682950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-03T11:53:19.000Z",
"modified": "2019-12-03T11:53:19.000Z",
"first_observed": "2019-12-03T11:53:19Z",
"last_observed": "2019-12-03T11:53:19Z",
"number_observed": 1,
"object_refs": [
"url--5de6382a-2234-43eb-bff9-4682950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\"",
"osint:source-type=\"blog-post\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5de6382a-2234-43eb-bff9-4682950d210f",
"value": "https://blog.trendmicro.com/trendlabs-security-intelligence/more-than-a-dozen-obfuscated-apt33-botnets-used-for-extreme-narrow-targeting/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5de64234-f680-4632-8685-4637950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-03T11:53:36.000Z",
"modified": "2019-12-03T11:53:36.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\"",
"osint:source-type=\"blog-post\"",
"type:OSINT",
"osint:lifetime=\"perpetual\"",
"osint:certainty=\"50\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "The threat group regularly referred to as APT33 is known to target the oil and aviation industries aggressively. This threat group has been reported on consistently for years, but our recent findings show that the group has been using about a dozen live Command and Control (C&C) servers for extremely narrow targeting. The group puts up multiple layers of obfuscation to run these C&C servers in extremely targeted malware campaigns against organizations in the Middle East, the U.S., and Asia."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5de66ed7-e800-4ad9-b5b0-3e72950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-03T14:25:02.000Z",
"modified": "2019-12-03T14:25:02.000Z",
"description": "APT33 C&C domains for extreme narrow targeting",
"pattern": "[domain-name:value = 'oorgans.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-03T14:25:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5de66ed7-5638-4021-91e9-3e72950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-03T14:25:02.000Z",
"modified": "2019-12-03T14:25:02.000Z",
"description": "APT33 C&C domains for extreme narrow targeting",
"pattern": "[domain-name:value = 'suncocity.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-03T14:25:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5de66ed7-42b8-43e5-8e6e-3e72950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-03T14:25:02.000Z",
"modified": "2019-12-03T14:25:02.000Z",
"description": "APT33 C&C domains for extreme narrow targeting",
"pattern": "[domain-name:value = 'zandelshop.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-03T14:25:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5de66ed7-3438-48ee-973c-3e72950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-03T14:25:02.000Z",
"modified": "2019-12-03T14:25:02.000Z",
"description": "APT33 C&C domains for extreme narrow targeting",
"pattern": "[domain-name:value = 'simsoshop.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-03T14:25:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5de66ed7-8bec-4c8b-acb0-3e72950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-03T14:25:02.000Z",
"modified": "2019-12-03T14:25:02.000Z",
"description": "APT33 C&C domains for extreme narrow targeting",
"pattern": "[domain-name:value = 'zeverco.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-03T14:25:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5de66ed7-9a94-4a54-815b-3e72950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-03T14:25:02.000Z",
"modified": "2019-12-03T14:25:02.000Z",
"description": "APT33 C&C domains for extreme narrow targeting",
"pattern": "[domain-name:value = 'qualitweb.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-03T14:25:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5de66ed7-8ae8-4c2b-8222-3e72950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-03T14:25:02.000Z",
"modified": "2019-12-03T14:25:02.000Z",
"description": "APT33 C&C domains for extreme narrow targeting",
"pattern": "[domain-name:value = 'service-explorer.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-03T14:25:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5de66ed7-0670-4133-b94e-3e72950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-03T14:25:02.000Z",
"modified": "2019-12-03T14:25:02.000Z",
"description": "APT33 C&C domains for extreme narrow targeting",
"pattern": "[domain-name:value = 'service-norton.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-03T14:25:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5de66ed7-fd84-4e19-b86d-3e72950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-03T14:25:02.000Z",
"modified": "2019-12-03T14:25:02.000Z",
"description": "APT33 C&C domains for extreme narrow targeting",
"pattern": "[domain-name:value = 'service-eset.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-03T14:25:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5de66ed7-1bcc-48fa-b76a-3e72950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-03T14:25:02.000Z",
"modified": "2019-12-03T14:25:02.000Z",
"description": "APT33 C&C domains for extreme narrow targeting",
"pattern": "[domain-name:value = 'service-essential.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-03T14:25:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5de66ed7-3118-4d36-8eb9-3e72950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-03T14:25:02.000Z",
"modified": "2019-12-03T14:25:02.000Z",
"description": "APT33 C&C domains for extreme narrow targeting",
"pattern": "[domain-name:value = 'update-symantec.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-03T14:25:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5de6523d-de58-472f-9156-4d3e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-01-20T15:37:04.000Z",
"modified": "2020-01-20T15:37:04.000Z",
"pattern": "[email-message:from_ref.value = 'recruitment@alsalam.aero' AND email-message:date = '2016-12-31T00:00:00' AND email-message:subject = 'Job Opportunity']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-12-31T07:00:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"email\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5de65459-590c-4181-98d5-4efa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-01-20T15:39:16.000Z",
"modified": "2020-01-20T15:39:16.000Z",
"first_observed": "2017-04-17T07:00:00Z",
"last_observed": "2020-01-20T15:39:16Z",
"number_observed": 1,
"object_refs": [
"email-message--5de65459-590c-4181-98d5-4efa950d210f",
"email-addr--5de65459-f94c-482e-b180-456c950d210f"
],
"labels": [
"misp:name=\"email\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"False\""
]
},
{
"type": "email-message",
"spec_version": "2.1",
"id": "email-message--5de65459-590c-4181-98d5-4efa950d210f",
"is_multipart": false,
"date": "2017-04-17T00:00:00Z",
"from_ref": "email-addr--5de65459-f94c-482e-b180-456c950d210f",
"subject": "Vacancy Announcement"
},
{
"type": "email-addr",
"spec_version": "2.1",
"id": "email-addr--5de65459-f94c-482e-b180-456c950d210f",
"value": "recruitment@alsalam.aero"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5de654b1-2f18-4646-9819-4f1b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-01-20T15:38:51.000Z",
"modified": "2020-01-20T15:38:51.000Z",
"first_observed": "2018-09-25T07:00:00Z",
"last_observed": "2020-01-20T15:38:51Z",
"number_observed": 1,
"object_refs": [
"email-message--5de654b1-2f18-4646-9819-4f1b950d210f",
"email-addr--5de654b2-3690-4be9-abf9-431b950d210f"
],
"labels": [
"misp:name=\"email\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"False\""
]
},
{
"type": "email-message",
"spec_version": "2.1",
"id": "email-message--5de654b1-2f18-4646-9819-4f1b950d210f",
"is_multipart": false,
"date": "2018-09-25T00:00:00Z",
"from_ref": "email-addr--5de654b2-3690-4be9-abf9-431b950d210f",
"subject": "AramCo Jobs"
},
{
"type": "email-addr",
"spec_version": "2.1",
"id": "email-addr--5de654b2-3690-4be9-abf9-431b950d210f",
"value": "careers@aramcojobs.ga"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5de65f8c-c9d0-4a61-99e6-4c6e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-01-20T15:38:30.000Z",
"modified": "2020-01-20T15:38:30.000Z",
"first_observed": "2018-10-22T07:00:00Z",
"last_observed": "2020-01-20T15:38:30Z",
"number_observed": 1,
"object_refs": [
"email-message--5de65f8c-c9d0-4a61-99e6-4c6e950d210f",
"email-addr--5de65f8c-46b0-4f42-9c4a-48a0950d210f"
],
"labels": [
"misp:name=\"email\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"False\""
]
},
{
"type": "email-message",
"spec_version": "2.1",
"id": "email-message--5de65f8c-c9d0-4a61-99e6-4c6e950d210f",
"is_multipart": false,
"date": "2018-10-22T00:00:00Z",
"from_ref": "email-addr--5de65f8c-46b0-4f42-9c4a-48a0950d210f",
"subject": "Job Openning at SAMREF"
},
{
"type": "email-addr",
"spec_version": "2.1",
"id": "email-addr--5de65f8c-46b0-4f42-9c4a-48a0950d210f",
"value": "jobs@samref.ga"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5de66884-3dac-4677-a9a7-226f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-01-20T15:38:04.000Z",
"modified": "2020-01-20T15:38:04.000Z",
"first_observed": "2018-07-02T07:00:00Z",
"last_observed": "2020-01-20T15:38:04Z",
"number_observed": 1,
"object_refs": [
"email-message--5de66884-3dac-4677-a9a7-226f950d210f",
"email-addr--5de66884-dbc4-4977-bbf5-226f950d210f"
],
"labels": [
"misp:name=\"email\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"False\""
]
},
{
"type": "email-message",
"spec_version": "2.1",
"id": "email-message--5de66884-3dac-4677-a9a7-226f950d210f",
"is_multipart": false,
"date": "2018-07-02T00:00:00Z",
"from_ref": "email-addr--5de66884-dbc4-4977-bbf5-226f950d210f",
"subject": "Job Opportunity SIPCHEM"
},
{
"type": "email-addr",
"spec_version": "2.1",
"id": "email-addr--5de66884-dbc4-4977-bbf5-226f950d210f",
"value": "careers@sipchem.ga"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5de668b6-6da0-4e21-a3ed-1e9a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-01-20T15:37:28.000Z",
"modified": "2020-01-20T15:37:28.000Z",
"first_observed": "2017-09-11T07:00:00Z",
"last_observed": "2020-01-20T15:37:28Z",
"number_observed": 1,
"object_refs": [
"email-message--5de668b6-6da0-4e21-a3ed-1e9a950d210f",
"email-addr--5de668b7-3984-4c0d-9f8e-1e9a950d210f"
],
"labels": [
"misp:name=\"email\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"False\""
]
},
{
"type": "email-message",
"spec_version": "2.1",
"id": "email-message--5de668b6-6da0-4e21-a3ed-1e9a950d210f",
"is_multipart": false,
"date": "2017-09-11T00:00:00Z",
"from_ref": "email-addr--5de668b7-3984-4c0d-9f8e-1e9a950d210f",
"subject": "Job Opportunity"
},
{
"type": "email-addr",
"spec_version": "2.1",
"id": "email-addr--5de668b7-3984-4c0d-9f8e-1e9a950d210f",
"value": "jobs@ngaaksa.ga"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5de66aa6-89f8-4ef4-9464-4ae2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-01-20T15:36:45.000Z",
"modified": "2020-01-20T15:36:45.000Z",
"first_observed": "2018-08-28T07:00:00Z",
"last_observed": "2020-01-20T15:36:45Z",
"number_observed": 1,
"object_refs": [
"email-message--5de66aa6-89f8-4ef4-9464-4ae2950d210f",
"email-addr--5de66aa7-f6e4-45b1-8346-4ae2950d210f"
],
"labels": [
"misp:name=\"email\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"False\""
]
},
{
"type": "email-message",
"spec_version": "2.1",
"id": "email-message--5de66aa6-89f8-4ef4-9464-4ae2950d210f",
"is_multipart": false,
"date": "2018-08-28T00:00:00Z",
"from_ref": "email-addr--5de66aa7-f6e4-45b1-8346-4ae2950d210f",
"subject": "Latest Vacancy"
},
{
"type": "email-addr",
"spec_version": "2.1",
"id": "email-addr--5de66aa7-f6e4-45b1-8346-4ae2950d210f",
"value": "careers@aramcojobs.ga"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5de66b15-8000-4f4f-82f4-3e63950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-01-20T15:36:08.000Z",
"modified": "2020-01-20T15:36:08.000Z",
"pattern": "[email-message:from_ref.value = 'careers@aramcojobs.ga' AND email-message:date = '2018-08-26T00:00:00' AND email-message:subject = 'Latest Vacancy']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-26T07:00:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"email\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5de66b98-18b4-4a53-924a-1179950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-01-20T15:31:21.000Z",
"modified": "2020-01-20T15:31:21.000Z",
"first_observed": "2017-07-17T07:00:00Z",
"last_observed": "2020-01-20T15:31:21Z",
"number_observed": 1,
"object_refs": [
"email-message--5de66b98-18b4-4a53-924a-1179950d210f",
"email-addr--5de66b98-b8f0-4c32-bde2-1179950d210f"
],
"labels": [
"misp:name=\"email\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"False\""
]
},
{
"type": "email-message",
"spec_version": "2.1",
"id": "email-message--5de66b98-18b4-4a53-924a-1179950d210f",
"is_multipart": false,
"date": "2017-07-17T00:00:00Z",
"from_ref": "email-addr--5de66b98-b8f0-4c32-bde2-1179950d210f",
"subject": "Job Openning"
},
{
"type": "email-addr",
"spec_version": "2.1",
"id": "email-addr--5de66b98-b8f0-4c32-bde2-1179950d210f",
"value": "careers@ngaaksa.com"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5de66bc8-ea38-4b6f-866b-3e74950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-01-20T15:30:53.000Z",
"modified": "2020-01-20T15:30:53.000Z",
"pattern": "[email-message:from_ref.value = 'jobs@dyn-intl.ga' AND email-message:date = '2017-11-20T00:00:00' AND email-message:subject = 'Job Openning']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-20T07:00:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"email\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5de66be7-3a30-4ec6-b560-3e72950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-01-20T15:30:20.000Z",
"modified": "2020-01-20T15:30:20.000Z",
"first_observed": "2017-11-28T07:00:00Z",
"last_observed": "2020-01-20T15:30:20Z",
"number_observed": 1,
"object_refs": [
"email-message--5de66be7-3a30-4ec6-b560-3e72950d210f"
],
"labels": [
"misp:name=\"email\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"False\""
]
},
{
"type": "email-message",
"spec_version": "2.1",
"id": "email-message--5de66be7-3a30-4ec6-b560-3e72950d210f",
"is_multipart": false,
"date": "2017-11-28T00:00:00Z",
"subject": "Job Openning"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5de66e18-37bc-4d03-80a3-0458950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-01-20T15:40:00.000Z",
"modified": "2020-01-20T15:40:00.000Z",
"pattern": "[email-message:from_ref.value = 'jobs@mail.dyn-corp.ga' AND email-message:date = '2018-03-05T00:00:00' AND email-message:subject = 'Job Openning']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-03-05T00:00:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"email\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5de66e3e-1334-4add-95d9-1bc6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-01-20T15:40:32.000Z",
"modified": "2020-01-20T15:40:32.000Z",
"pattern": "[email-message:from_ref.value = 'jobs@sipchem.ga' AND email-message:date = '2018-07-30T00:00:00' AND email-message:subject = 'Job Openning']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-07-30T00:00:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"email\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5de66e5d-2724-41ec-8491-7ac9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2020-01-20T15:41:07.000Z",
"modified": "2020-01-20T15:41:07.000Z",
"pattern": "[email-message:from_ref.value = 'jobs@sipchem.ga' AND email-message:date = '2018-08-14T00:00:00' AND email-message:subject = 'Job Openning']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-08-14T00:00:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"email\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c69e95e9-9f4a-47bd-9cca-df70112bf4ba",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-03T14:40:26.000Z",
"modified": "2019-12-03T14:40:26.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.135.120.57') AND network-traffic:start = '2018-12-04T00:00:00' AND network-traffic:end = '2019-01-24T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-03T14:40:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--14ce7404-1d9e-489b-91c1-62bd49ac088a",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-03T14:40:27.000Z",
"modified": "2019-12-03T14:40:27.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.135.199.25') AND network-traffic:start = '2019-03-03T00:00:00' AND network-traffic:end = '2019-03-03T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-03T14:40:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--33757eab-39f8-4dd3-bdc3-abe31bdb329e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-03T14:40:27.000Z",
"modified": "2019-12-03T14:40:27.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.7.62.48') AND network-traffic:start = '2018-09-26T00:00:00' AND network-traffic:end = '2018-09-29T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-03T14:40:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--dbf15608-73c3-4fdd-abec-cbd4abf42b9b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-03T14:40:28.000Z",
"modified": "2019-12-03T14:40:28.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '51.77.11.46') AND network-traffic:start = '2019-07-01T00:00:00' AND network-traffic:end = '2019-07-02T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-03T14:40:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--825ee3e8-ec27-47b1-93fd-800aac6cb009",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-03T14:40:28.000Z",
"modified": "2019-12-03T14:40:28.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '54.36.73.108') AND network-traffic:start = '2019-07-22T00:00:00' AND network-traffic:end = '2019-10-05T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-03T14:40:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--286489c4-fc1a-4722-a1d2-0a2cef367629",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-03T14:40:29.000Z",
"modified": "2019-12-03T14:40:29.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '54.37.48.172') AND network-traffic:start = '2019-10-22T00:00:00' AND network-traffic:end = '2019-11-05T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-03T14:40:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--0bdc7720-3ac3-40ae-bcc3-d6db34735dbd",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-03T14:40:29.000Z",
"modified": "2019-12-03T14:40:29.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '54.38.124.150') AND network-traffic:start = '2018-10-28T00:00:00' AND network-traffic:end = '2018-11-17T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-03T14:40:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c2fc02ff-1e36-4f10-8b9f-684ebdc9854b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-03T14:40:30.000Z",
"modified": "2019-12-03T14:40:30.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '88.150.221.107') AND network-traffic:start = '2019-09-26T00:00:00' AND network-traffic:end = '2019-11-07T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-03T14:40:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--043a1485-d6a4-45dc-b086-c3ff04371713",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-03T14:40:31.000Z",
"modified": "2019-12-03T14:40:31.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.134.203.59') AND network-traffic:start = '2018-09-26T00:00:00' AND network-traffic:end = '2018-12-04T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-03T14:40:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fbd5daea-0454-4809-9ce2-9b1bf3898953",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-03T14:40:32.000Z",
"modified": "2019-12-03T14:40:32.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.169.89.103') AND network-traffic:start = '2018-12-02T00:00:00' AND network-traffic:end = '2018-12-14T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-03T14:40:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54702d2c-5a8a-4a1f-8ab0-793464fc828f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-03T14:40:32.000Z",
"modified": "2019-12-03T14:40:32.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.200.24.114') AND network-traffic:start = '2018-11-19T00:00:00' AND network-traffic:end = '2018-12-25T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-03T14:40:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--2db4134a-4d62-4ebe-b3f1-6c1c15437ff8",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-03T14:40:33.000Z",
"modified": "2019-12-03T14:40:33.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '137.74.80.220') AND network-traffic:start = '2018-09-29T00:00:00' AND network-traffic:end = '2018-10-23T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-03T14:40:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--4cf21017-f924-403b-ab8e-380573ea512e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-03T14:40:33.000Z",
"modified": "2019-12-03T14:40:33.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '137.74.157.84') AND network-traffic:start = '2018-12-18T00:00:00' AND network-traffic:end = '2019-10-21T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-03T14:40:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--94a30556-2476-4fd2-94d6-06a151831884",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-03T14:40:34.000Z",
"modified": "2019-12-03T14:40:34.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.122.56.232') AND network-traffic:start = '2018-09-29T00:00:00' AND network-traffic:end = '2018-11-04T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-03T14:40:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--87d3ad19-a9e7-4e25-a695-ea5b4a1b8c5d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-03T14:40:34.000Z",
"modified": "2019-12-03T14:40:34.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.125.204.57') AND network-traffic:start = '2018-10-25T00:00:00' AND network-traffic:end = '2019-01-14T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-03T14:40:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ee15f4bd-db1d-4297-a53b-9ab11ab65716",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-03T14:40:35.000Z",
"modified": "2019-12-03T14:40:35.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.175.138.173') AND network-traffic:start = '2019-01-19T00:00:00' AND network-traffic:end = '2019-01-22T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-03T14:40:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--a846ef5e-c63a-4068-984b-8cdc38ef617b",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-03T14:40:35.000Z",
"modified": "2019-12-03T14:40:35.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.165.119.138') AND network-traffic:start = '2018-10-08T00:00:00' AND network-traffic:end = '2018-11-19T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-03T14:40:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--1b6633ee-60c0-48fb-8b49-6fcc7d411309",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-03T14:40:36.000Z",
"modified": "2019-12-03T14:40:36.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.70.71.112') AND network-traffic:start = '2019-03-07T00:00:00' AND network-traffic:end = '2019-03-17T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-03T14:40:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--c3feb2d0-0ebe-47e6-b0da-ad419ea6aee7",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-03T14:40:37.000Z",
"modified": "2019-12-03T14:40:37.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.154.41.72') AND network-traffic:start = '2019-01-13T00:00:00' AND network-traffic:end = '2019-01-20T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-03T14:40:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e0c182b5-2961-461b-bc17-36cc4ff11dc5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-03T14:40:37.000Z",
"modified": "2019-12-03T14:40:37.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.32.113.159') AND network-traffic:start = '2019-06-30T00:00:00' AND network-traffic:end = '2019-09-16T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-03T14:40:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--fd1343f2-286e-4036-b9a8-1adff8eb2479",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-03T14:40:38.000Z",
"modified": "2019-12-03T14:40:38.000Z",
"pattern": "[(network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.244.93.137') AND network-traffic:start = '2018-12-10T00:00:00' AND network-traffic:end = '2018-12-21T00:00:00']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-03T14:40:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "network"
}
],
"labels": [
"misp:name=\"ip-port\"",
"misp:meta-category=\"network\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--e9693797-9115-4631-972d-7a8e0e3a1e9e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-03T14:44:45.000Z",
"modified": "2019-12-03T14:44:45.000Z",
"pattern": "[file:hashes.SHA256 = 'e954ff741baebb173ba45fbcfdea7499d00d8cfa2933b69f6cc0970b294f9ffd' AND file:name = 'MsdUpdate.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-03T14:44:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--82666f1d-b22b-436e-979d-5d75e303e141",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-03T14:44:51.000Z",
"modified": "2019-12-03T14:44:51.000Z",
"pattern": "[file:hashes.SHA256 = 'b58a2ef01af65d32ca4ba555bd72931dc68728e6d96d8808afca029b4c75d31e' AND file:name = 'MsdUpdate.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-03T14:44:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5ac505ff-4ea6-4dbd-8dd8-75a55c32741e",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-03T14:44:51.000Z",
"modified": "2019-12-03T14:44:51.000Z",
"pattern": "[file:hashes.SHA256 = 'a67461a0c14fc1528ad83b9bd874f53b7616cfed99656442fb4d9cdd7d09e449' AND file:name = 'MsdUpdate.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-03T14:44:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--71915c2b-eb82-44d7-90d4-566307cca0a5",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-03T14:44:52.000Z",
"modified": "2019-12-03T14:44:52.000Z",
"pattern": "[file:hashes.SHA256 = 'c303454efb21c0bf0df6fb6c2a14e401efeb57c1c574f63cdae74ef74a3b01f2' AND file:name = 'MsdUpdate.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-03T14:44:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--96669752-aadb-43b9-8c29-7ccec173980d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-03T14:44:53.000Z",
"modified": "2019-12-03T14:44:53.000Z",
"pattern": "[file:hashes.SHA256 = '75e6bafc4fa496b418df0208f12e688b16e7afdb94a7b30e3eca532717beb9ba' AND file:name = 'MsdUpdate.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-03T14:44:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ad36a520-c695-43b7-8ad2-a7de2481e6da",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-03T14:44:54.000Z",
"modified": "2019-12-03T14:44:54.000Z",
"pattern": "[file:hashes.SHA256 = '8fb6cbf6f6b6a897bf0ee1217dbf738bce7a3000507b89ea30049fd670018b46' AND file:name = 'MsdUpdate.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-03T14:44:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--62f6f45e-a6b4-4dd4-9d7f-3ffb6a7c194d",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-03T14:44:55.000Z",
"modified": "2019-12-03T14:44:55.000Z",
"pattern": "[file:hashes.SHA256 = 'ba9d76cca6b5c7308961cfe3739dc1328f3dad9a824417fad73b842b043daa1a' AND file:name = 'DysonPart.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-03T14:44:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--9cf77da3-bde0-4a41-874f-60c45953b1e0",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2019-12-03T14:44:56.000Z",
"modified": "2019-12-03T14:44:56.000Z",
"pattern": "[file:hashes.SHA256 = '07e1baf1d0207a139bcf39c60354666496e4331381d36eef9359120b1d8497f1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2019-12-03T14:44:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink