misp-circl-feed/feeds/circl/misp/57780118-b304-434e-b78f-478d950d210f.json

1273 lines
No EOL
50 KiB
JSON

{
"type": "bundle",
"id": "bundle--57780118-b304-434e-b78f-478d950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:19:32.000Z",
"modified": "2016-07-02T18:19:32.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--57780118-b304-434e-b78f-478d950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:19:32.000Z",
"modified": "2016-07-02T18:19:32.000Z",
"name": "OSINT H-Worm IOCs from WooYun",
"published": "2016-07-02T18:19:37Z",
"object_refs": [
"observed-data--57780148-548c-41c9-b29e-483e950d210f",
"url--57780148-548c-41c9-b29e-483e950d210f",
"indicator--57780162-a4fc-4810-987d-4f29950d210f",
"indicator--57780162-d6ec-4acf-b61f-4008950d210f",
"indicator--57780162-9cf8-4b76-a355-41ae950d210f",
"indicator--57780162-9bd8-4e91-a01d-4551950d210f",
"indicator--57780162-20f4-4ca0-812a-409a950d210f",
"indicator--57780163-3538-4714-9237-4484950d210f",
"indicator--57780163-5550-48fa-9c3b-49a6950d210f",
"indicator--57780163-e160-42e3-81b6-4d85950d210f",
"indicator--57780163-2390-46a1-ae8c-4bea950d210f",
"indicator--57780163-99fc-474e-b7a9-4893950d210f",
"indicator--57780163-e838-4e2d-9319-410b950d210f",
"indicator--57780164-6dd4-4d96-9a8c-417d950d210f",
"indicator--57780164-ac20-415d-9bbf-4af1950d210f",
"indicator--57780164-e988-46ec-8b83-47d1950d210f",
"indicator--57780164-6e90-42fe-8bd0-407e950d210f",
"indicator--57780164-77f0-4f71-84c4-46fa950d210f",
"indicator--57780164-2700-424a-9a2e-4857950d210f",
"indicator--57780165-f9dc-4b8b-a389-4710950d210f",
"indicator--57780165-b50c-48a7-8af4-4f9d950d210f",
"indicator--57780165-e034-4ec0-a8e2-4537950d210f",
"indicator--57780165-ca3c-4fd2-9594-49b3950d210f",
"indicator--57780165-0fc8-408f-b09e-40d7950d210f",
"indicator--57780166-35fc-4540-abc2-4535950d210f",
"indicator--57780166-2e48-47b4-9b74-4e2d950d210f",
"indicator--57780166-80b0-489a-9ccd-484b950d210f",
"indicator--57780166-47cc-4ff6-9e70-4f3e950d210f",
"indicator--57780166-7178-4ca2-8d30-4559950d210f",
"indicator--57780166-9038-4536-933f-4353950d210f",
"indicator--57780167-8a4c-480e-bf4d-484e950d210f",
"indicator--57780167-a468-4e10-b8a1-49d0950d210f",
"indicator--57780167-038c-43c6-b141-4050950d210f",
"indicator--57780167-271c-4e45-a979-4838950d210f",
"indicator--57780167-552c-43a8-a437-4a51950d210f",
"indicator--57780167-b560-475e-9c82-4af5950d210f",
"indicator--57780168-0e08-48ba-8b8e-42d0950d210f",
"indicator--57780168-fd9c-4eaf-93ae-4136950d210f",
"indicator--57780168-2778-40ec-ae28-44f8950d210f",
"indicator--57780168-cd38-40b4-98a5-4fb1950d210f",
"indicator--57780168-d4c4-4b5d-a257-428c950d210f",
"indicator--57780168-df7c-4ed7-bab8-43b7950d210f",
"indicator--57780169-bf84-4677-a72f-4e32950d210f",
"indicator--57780169-0664-45ee-b006-4e22950d210f",
"indicator--57780169-4104-4d2d-814f-4fd8950d210f",
"indicator--57780169-073c-444a-add2-4868950d210f",
"indicator--57780169-612c-41dd-9a7a-4643950d210f",
"indicator--5778016a-fbac-40b6-b2b2-4070950d210f",
"indicator--5778016a-3700-41cf-acd6-49e0950d210f",
"indicator--5778016a-9fac-44fc-993b-4150950d210f",
"indicator--5778016a-0c2c-4682-b7a3-4f2c950d210f",
"indicator--5778016a-b8b4-4b19-b761-487f950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT",
"circl:incident-classification=\"malware\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--57780148-548c-41c9-b29e-483e950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:00:40.000Z",
"modified": "2016-07-02T18:00:40.000Z",
"first_observed": "2016-07-02T18:00:40Z",
"last_observed": "2016-07-02T18:00:40Z",
"number_observed": 1,
"object_refs": [
"url--57780148-548c-41c9-b29e-483e950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--57780148-548c-41c9-b29e-483e950d210f",
"value": "http://drops.wooyun.org/papers/17374"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57780162-a4fc-4810-987d-4f29950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:06.000Z",
"modified": "2016-07-02T18:01:06.000Z",
"pattern": "[domain-name:value = 'zzzch.zapto.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57780162-d6ec-4acf-b61f-4008950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:06.000Z",
"modified": "2016-07-02T18:01:06.000Z",
"pattern": "[domain-name:value = 'ysf.no-ip.biz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57780162-9cf8-4b76-a355-41ae950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:06.000Z",
"modified": "2016-07-02T18:01:06.000Z",
"pattern": "[domain-name:value = 'ycemufkk6g.bounceme.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57780162-9bd8-4e91-a01d-4551950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:06.000Z",
"modified": "2016-07-02T18:01:06.000Z",
"pattern": "[domain-name:value = 'xxx-xxx.no-ip.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57780162-20f4-4ca0-812a-409a950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:06.000Z",
"modified": "2016-07-02T18:01:06.000Z",
"pattern": "[domain-name:value = 'xkiller.no-ip.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57780163-3538-4714-9237-4484950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:07.000Z",
"modified": "2016-07-02T18:01:07.000Z",
"pattern": "[domain-name:value = 'wach.no-ip.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57780163-5550-48fa-9c3b-49a6950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:07.000Z",
"modified": "2016-07-02T18:01:07.000Z",
"pattern": "[domain-name:value = 'tariqalr.zapto.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57780163-e160-42e3-81b6-4d85950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:07.000Z",
"modified": "2016-07-02T18:01:07.000Z",
"pattern": "[domain-name:value = 'shagagy21.no-ip.biz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57780163-2390-46a1-ae8c-4bea950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:07.000Z",
"modified": "2016-07-02T18:01:07.000Z",
"pattern": "[domain-name:value = 'sexcam.3utilities.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57780163-99fc-474e-b7a9-4893950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:07.000Z",
"modified": "2016-07-02T18:01:07.000Z",
"pattern": "[domain-name:value = 'servecounterstrike.servecounterstrike.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57780163-e838-4e2d-9319-410b950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:07.000Z",
"modified": "2016-07-02T18:01:07.000Z",
"pattern": "[domain-name:value = 'playgame.servecounterstrike.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57780164-6dd4-4d96-9a8c-417d950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:08.000Z",
"modified": "2016-07-02T18:01:08.000Z",
"pattern": "[domain-name:value = 'p-dark.zapto.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57780164-ac20-415d-9bbf-4af1950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:08.000Z",
"modified": "2016-07-02T18:01:08.000Z",
"pattern": "[domain-name:value = 'nouna1985.no-ip.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57780164-e988-46ec-8b83-47d1950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:08.000Z",
"modified": "2016-07-02T18:01:08.000Z",
"pattern": "[domain-name:value = 'n0it.no-ip.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57780164-6e90-42fe-8bd0-407e950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:08.000Z",
"modified": "2016-07-02T18:01:08.000Z",
"pattern": "[domain-name:value = 'mzab47.myq-see.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57780164-77f0-4f71-84c4-46fa950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:08.000Z",
"modified": "2016-07-02T18:01:08.000Z",
"pattern": "[domain-name:value = 'modox.no-ip.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57780164-2700-424a-9a2e-4857950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:08.000Z",
"modified": "2016-07-02T18:01:08.000Z",
"pattern": "[domain-name:value = 'mmoohhaammeedd.no-ip.biz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57780165-f9dc-4b8b-a389-4710950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:09.000Z",
"modified": "2016-07-02T18:01:09.000Z",
"pattern": "[domain-name:value = 'mlcrosoft.serveftp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57780165-b50c-48a7-8af4-4f9d950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:09.000Z",
"modified": "2016-07-02T18:01:09.000Z",
"pattern": "[domain-name:value = 'microsoftupgrades.servehttp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57780165-e034-4ec0-a8e2-4537950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:09.000Z",
"modified": "2016-07-02T18:01:09.000Z",
"pattern": "[domain-name:value = 'microsoftsystem.sytes.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57780165-ca3c-4fd2-9594-49b3950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:09.000Z",
"modified": "2016-07-02T18:01:09.000Z",
"pattern": "[domain-name:value = 'micr0s0ftsoft.myftp.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57780165-0fc8-408f-b09e-40d7950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:09.000Z",
"modified": "2016-07-02T18:01:09.000Z",
"pattern": "[domain-name:value = 'mda.no-ip.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57780166-35fc-4540-abc2-4535950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:10.000Z",
"modified": "2016-07-02T18:01:10.000Z",
"pattern": "[domain-name:value = 'maroco.redirectme.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57780166-2e48-47b4-9b74-4e2d950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:10.000Z",
"modified": "2016-07-02T18:01:10.000Z",
"pattern": "[domain-name:value = 'maroco.myq-see.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57780166-80b0-489a-9ccd-484b950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:10.000Z",
"modified": "2016-07-02T18:01:10.000Z",
"pattern": "[domain-name:value = 'maroco.linkpc.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57780166-47cc-4ff6-9e70-4f3e950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:10.000Z",
"modified": "2016-07-02T18:01:10.000Z",
"pattern": "[domain-name:value = 'man2010.no-ip.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57780166-7178-4ca2-8d30-4559950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:10.000Z",
"modified": "2016-07-02T18:01:10.000Z",
"pattern": "[domain-name:value = 'korom.zapto.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57780166-9038-4536-933f-4353950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:10.000Z",
"modified": "2016-07-02T18:01:10.000Z",
"pattern": "[domain-name:value = 'koko.myftp.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57780167-8a4c-480e-bf4d-484e950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:11.000Z",
"modified": "2016-07-02T18:01:11.000Z",
"pattern": "[domain-name:value = 'klonkino.no-ip.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57780167-a468-4e10-b8a1-49d0950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:11.000Z",
"modified": "2016-07-02T18:01:11.000Z",
"pattern": "[domain-name:value = 'king.servemp3.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57780167-038c-43c6-b141-4050950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:11.000Z",
"modified": "2016-07-02T18:01:11.000Z",
"pattern": "[domain-name:value = 'herohero.no-ip.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57780167-271c-4e45-a979-4838950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:11.000Z",
"modified": "2016-07-02T18:01:11.000Z",
"pattern": "[domain-name:value = 'hacker20133.no-ip.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57780167-552c-43a8-a437-4a51950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:11.000Z",
"modified": "2016-07-02T18:01:11.000Z",
"pattern": "[domain-name:value = 'googlechrome.servequake.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57780167-b560-475e-9c82-4af5950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:11.000Z",
"modified": "2016-07-02T18:01:11.000Z",
"pattern": "[domain-name:value = 'g00gle.sytes.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57780168-0e08-48ba-8b8e-42d0950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:12.000Z",
"modified": "2016-07-02T18:01:12.000Z",
"pattern": "[domain-name:value = 'dzhacker15.no-ip.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57780168-fd9c-4eaf-93ae-4136950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:12.000Z",
"modified": "2016-07-02T18:01:12.000Z",
"pattern": "[domain-name:value = 'dz47.servehttp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57780168-2778-40ec-ae28-44f8950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:12.000Z",
"modified": "2016-07-02T18:01:12.000Z",
"pattern": "[domain-name:value = 'dz47.myq-see.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57780168-cd38-40b4-98a5-4fb1950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:12.000Z",
"modified": "2016-07-02T18:01:12.000Z",
"pattern": "[domain-name:value = 'dz47.linkpc.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57780168-d4c4-4b5d-a257-428c950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:12.000Z",
"modified": "2016-07-02T18:01:12.000Z",
"pattern": "[domain-name:value = 'dream7.no-ip.biz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57780168-df7c-4ed7-bab8-43b7950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:12.000Z",
"modified": "2016-07-02T18:01:12.000Z",
"pattern": "[domain-name:value = 'diiimaria.zapto.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57780169-bf84-4677-a72f-4e32950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:13.000Z",
"modified": "2016-07-02T18:01:13.000Z",
"pattern": "[domain-name:value = 'desha10.no-ip.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57780169-0664-45ee-b006-4e22950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:13.000Z",
"modified": "2016-07-02T18:01:13.000Z",
"pattern": "[domain-name:value = 'dataday3.no-ip.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57780169-4104-4d2d-814f-4fd8950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:13.000Z",
"modified": "2016-07-02T18:01:13.000Z",
"pattern": "[domain-name:value = 'darkanony0501.no-ip.biz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57780169-073c-444a-add2-4868950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:13.000Z",
"modified": "2016-07-02T18:01:13.000Z",
"pattern": "[domain-name:value = 'cupidon.zapto.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--57780169-612c-41dd-9a7a-4643950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:13.000Z",
"modified": "2016-07-02T18:01:13.000Z",
"pattern": "[domain-name:value = 'chrom.no-ip.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5778016a-fbac-40b6-b2b2-4070950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:14.000Z",
"modified": "2016-07-02T18:01:14.000Z",
"pattern": "[domain-name:value = 'bog5151.zapto.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5778016a-3700-41cf-acd6-49e0950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:14.000Z",
"modified": "2016-07-02T18:01:14.000Z",
"pattern": "[domain-name:value = 'blackmind.redirectme.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5778016a-9fac-44fc-993b-4150950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:14.000Z",
"modified": "2016-07-02T18:01:14.000Z",
"pattern": "[domain-name:value = 'albertino.no-ip.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5778016a-0c2c-4682-b7a3-4f2c950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:14.000Z",
"modified": "2016-07-02T18:01:14.000Z",
"pattern": "[domain-name:value = 'adolf2013.sytes.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5778016a-b8b4-4b19-b761-487f950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2016-07-02T18:01:14.000Z",
"modified": "2016-07-02T18:01:14.000Z",
"pattern": "[domain-name:value = 'adamdam.zapto.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-07-02T18:01:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}