misp-circl-feed/feeds/circl/stix-2.1/54b8caf4-0830-44b3-b460-4662950d210b.json


{
"type": "bundle",
"id": "bundle--54b8caf4-0830-44b3-b460-4662950d210b",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-01-16T09:49:17.000Z",
"modified": "2015-01-16T09:49:17.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--54b8caf4-0830-44b3-b460-4662950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-01-16T09:49:17.000Z",
"modified": "2015-01-16T09:49:17.000Z",
"name": "OSINT Backdoor.Win32.Shiz from Lavasoft",
"published": "2015-01-16T10:41:26Z",
"object_refs": [
"observed-data--54b8cb01-a478-435f-9b65-47b5950d210b",
"url--54b8cb01-a478-435f-9b65-47b5950d210b",
"x-misp-attribute--54b8cb0e-1528-417d-b1c9-4053950d210b",
"indicator--54b8cb43-763c-48c3-81c5-4254950d210b",
"observed-data--54b8cb6f-001c-4864-b4a3-484d950d210b",
"file--54b8cb6f-001c-4864-b4a3-484d950d210b",
"observed-data--54b8cb90-ce44-4091-9163-440d950d210b",
"file--54b8cb90-ce44-4091-9163-440d950d210b",
"x-misp-attribute--54b8ce06-5244-4c6d-ac48-430d950d210b",
"x-misp-attribute--54b8ce15-1390-48b5-b329-49c3950d210b",
"observed-data--54b8ce2b-1cd8-4a4d-88c2-4e5a950d210b",
"domain-name--54b8ce2b-1cd8-4a4d-88c2-4e5a950d210b",
"observed-data--54b8ce2c-bef0-45dd-b805-4c9f950d210b",
"domain-name--54b8ce2c-bef0-45dd-b805-4c9f950d210b",
"x-misp-attribute--54b8ce41-6378-492b-813b-caa2950d210b",
"indicator--54b8d3b3-f798-4bb8-904b-d90d950d210b",
"indicator--54b8d3c4-12d4-42ad-8559-4762950d210b",
"indicator--54b8d400-56f4-4318-8431-44ac950d210b",
"indicator--54b8d400-5fbc-4e33-8b8b-40fc950d210b",
"indicator--54b8d400-eba0-49eb-9a1e-49cc950d210b",
"indicator--54b8d400-5a64-4787-80ff-4d33950d210b",
"indicator--54b8d401-98e4-452d-bfe5-4367950d210b",
"indicator--54b8d401-d444-4f3c-b032-4336950d210b",
"indicator--54b8d401-8a64-4961-9851-4947950d210b",
"indicator--54b8d401-2f08-481c-a5e0-49f8950d210b",
"indicator--54b8d401-9a34-43a7-b364-4128950d210b",
"indicator--54b8d401-62c8-41d7-a411-48aa950d210b",
"indicator--54b8d401-4178-4b8e-bb3f-47f1950d210b",
"indicator--54b8d401-3c0c-4e5e-ad2a-4aa9950d210b",
"indicator--54b8d401-21c4-40d2-8a72-4b0e950d210b",
"indicator--54b8d401-374c-4667-bb9b-45c9950d210b",
"indicator--54b8d401-a238-48d7-90ad-40aa950d210b",
"indicator--54b8d401-b8d8-4e5e-a9d7-4cac950d210b",
"indicator--54b8d402-18b0-4bcf-a93e-454b950d210b",
"indicator--54b8d402-9978-43ab-b9c6-464e950d210b",
"indicator--54b8d402-d264-45d2-b5d0-4f04950d210b",
"indicator--54b8d402-7da0-469c-95a7-4bb6950d210b",
"indicator--54b8d402-4ca8-4cb7-a2ba-4385950d210b",
"x-misp-attribute--54b8d42d-207c-421a-8b10-4611950d210b",
"observed-data--54b8de9d-49a4-4b93-bb52-4662950d210b",
"url--54b8de9d-49a4-4b93-bb52-4662950d210b"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"type:OSINT"
],
"object_marking_refs": [
"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--54b8cb01-a478-435f-9b65-47b5950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-01-16T08:25:36.000Z",
"modified": "2015-01-16T08:25:36.000Z",
"first_observed": "2015-01-16T08:25:36Z",
"last_observed": "2015-01-16T08:25:36Z",
"number_observed": 1,
"object_refs": [
"url--54b8cb01-a478-435f-9b65-47b5950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--54b8cb01-a478-435f-9b65-47b5950d210b",
"value": "http://lavasoft.com/mylavasoft/malware-descriptions/blog/backdoorwin32shiz"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--54b8cb0e-1528-417d-b1c9-4053950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-01-16T08:25:50.000Z",
"modified": "2015-01-16T08:25:50.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "Shiz"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54b8cb43-763c-48c3-81c5-4254950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-01-16T08:26:43.000Z",
"modified": "2015-01-16T08:26:43.000Z",
"pattern": "[file:hashes.SHA1 = 'e973239500b4fb216182043805453cea9edf8730']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-01-16T08:26:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--54b8cb6f-001c-4864-b4a3-484d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-01-16T08:27:40.000Z",
"modified": "2015-01-16T08:27:40.000Z",
"first_observed": "2015-01-16T08:27:40Z",
"last_observed": "2015-01-16T08:27:40Z",
"number_observed": 1,
"object_refs": [
"file--54b8cb6f-001c-4864-b4a3-484d950d210b"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--54b8cb6f-001c-4864-b4a3-484d950d210b",
"name": "%Temp%\\<rnd_digit>.tmp"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--54b8cb90-ce44-4091-9163-440d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-01-16T08:28:00.000Z",
"modified": "2015-01-16T08:28:00.000Z",
"first_observed": "2015-01-16T08:28:00Z",
"last_observed": "2015-01-16T08:28:00Z",
"number_observed": 1,
"object_refs": [
"file--54b8cb90-ce44-4091-9163-440d950d210b"
],
"labels": [
"misp:type=\"filename\"",
"misp:category=\"Artifacts dropped\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--54b8cb90-ce44-4091-9163-440d950d210b",
"name": "%WinDir\\AppPatch\\<rnd_alpha>.exe"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--54b8ce06-5244-4c6d-ac48-430d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-01-16T08:38:30.000Z",
"modified": "2015-01-16T08:38:30.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "The backdoor ends its own execution and deletes its original file if the following processes run on the system:\r\n\r\nHookExplorer.exe\r\nproc_analyzer.exe\r\nsckTool.exe\r\nsniff_hit.exe\r\nsysAnalyzer.exe\r\nidag.exe\r\nollydbg.exe\r\ndumpcap.exe\r\nwireshark.exe\r\navp.exe"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--54b8ce15-1390-48b5-b329-49c3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-01-16T08:38:45.000Z",
"modified": "2015-01-16T08:38:45.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "If the backdoor launches without administrator privileges, it tries to access the administrator account by guessing a password:\r\n\r\nhelp\r\nstone\r\nserver\r\npass\r\nidontknow\r\nadministrator\r\nadmin\r\n666666\r\n111\r\n12345678\r\n1234\r\nsoccer\r\nabc123\r\npassword1\r\nfootball1\r\nfuckyou\r\nmonkey\r\niloveyou1\r\nsuperman1\r\nslipknot1\r\njordan23\r\nprincess1\r\nliverpool1\r\nmonkey1\r\nbaseball1\r\n123abc\r\nqwerty1\r\nblink182\r\nmyspace1\r\npop\r\nuser111\r\n098765\r\nqweryuiopas\r\nqwe\r\nqwer\r\nqwert\r\nqwerty\r\nasdfg\r\nchort\r\nnah\r\nxak\r\nxaep\r\n111111\r\n12345\r\n2013\r\n2007\r\n2207\r\n110\r\n5554\r\n775\r\n354\r\n1982\r\n123\r\npassword\r\n123456"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--54b8ce2b-1cd8-4a4d-88c2-4e5a950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-01-16T08:39:07.000Z",
"modified": "2015-01-16T08:39:07.000Z",
"first_observed": "2015-01-16T08:39:07Z",
"last_observed": "2015-01-16T08:39:07Z",
"number_observed": 1,
"object_refs": [
"domain-name--54b8ce2b-1cd8-4a4d-88c2-4e5a950d210b"
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--54b8ce2b-1cd8-4a4d-88c2-4e5a950d210b",
"value": "www.bing.com"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--54b8ce2c-bef0-45dd-b805-4c9f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-01-16T08:39:08.000Z",
"modified": "2015-01-16T08:39:08.000Z",
"first_observed": "2015-01-16T08:39:08Z",
"last_observed": "2015-01-16T08:39:08Z",
"number_observed": 1,
"object_refs": [
"domain-name--54b8ce2c-bef0-45dd-b805-4c9f950d210b"
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\""
]
},
{
"type": "domain-name",
"spec_version": "2.1",
"id": "domain-name--54b8ce2c-bef0-45dd-b805-4c9f950d210b",
"value": "www.microsoft.com"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--54b8ce41-6378-492b-813b-caa2950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-01-16T08:39:29.000Z",
"modified": "2015-01-16T08:39:29.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "comment",
"x_misp_value": "Installs hooks for following functions:\r\n\r\nDnsapi.dll:\r\nDnsQuery_A\r\nDnsQuery_UTF8\r\nDnsQuery_W\r\nQuery_Main\r\n\r\nuser32.dll:\r\nGetClipboardData\r\nTranslateMessage\r\nGetMessageA\r\nGetMessageW\r\nGetWindowTextA\r\nOpenDesktopA\r\nOpenDesktopW\r\nTrackPopupMenuEx\r\nOpenDesktopW\r\nOpenInputDesktop\r\nSwitchDesktop\r\nGetUpdatedClipboardFormats\r\nCloseClipboard\r\nCountClipboardFormats\r\nEmptyClipboard\r\nGetPriorityClipboardFormat\r\nIsClipboardFormatAvailable\r\nSetClipboardData\r\nFlashWindowEx\r\nFlashWindow\r\nGetCursorPos\r\nSetCursorPos\r\nSetCapture\r\nReleaseCapture\r\nGetCapture\r\nDefWindowProcW\r\nDefWindowProcA\r\nDefDlgProcW\r\nDefDlgProcA\r\nDefFrameProcW\r\nDefWindowProcA\r\nDefMDIChildProcA\r\nCallWindowProcW\r\nCallWindowProcA\r\nPeekMessageW\r\nPeekMessageA\r\n\r\nadvapi32.dll:\r\nCryptEncrypt\r\n\r\nntdll.dll:\r\nNtQuerySystemInformation\r\n\r\nws2_32.dll:\r\nsend\r\nWSASend\r\nWSARecv\r\nrecv\r\ngetaddrinfo\r\ngethostbyname\r\ninet_addr\r\n\r\nkernel32.dll:\r\nCreateFileW\r\nGetFileAttributesW \r\n\r\nCrypt32.dll:\r\nCertVerifyCertificateChainPolicy\r\n\r\nWininet.dll:\r\nHttpSendRequestA\r\nHttpSendRequestW\r\nHttpSendRequestExA\r\nHttpSendRequestExW\r\nInternetQueryDataAvailable\r\nInternetReadFile\r\nInternetReadFileExA\r\nInternetReadFileExW\r\nInternetCloseHandle \r\n\r\nnspr4.dll:\r\nPR_Write\r\nPR_Read\r\nPR_Close\r\nPR_OpenTCPSocket \r\n\r\nsks2xyz.dll:\r\nvb_pfx_import \r\n\r\nFilialRCon.dll:\r\nRCN_R50Buffer\r\n\r\nmespro.dll:\r\nAddPSEPrivateKeyEx\r\nAddSigner"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54b8d3b3-f798-4bb8-904b-d90d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-01-16T09:02:43.000Z",
"modified": "2015-01-16T09:02:43.000Z",
"pattern": "[file:hashes.MD5 = '31e855d428195a27077d535e4b0778cd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-01-16T09:02:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54b8d3c4-12d4-42ad-8559-4762950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-01-16T09:03:00.000Z",
"modified": "2015-01-16T09:03:00.000Z",
"pattern": "[file:hashes.MD5 = '9d1f4902e2eb83feab79175dd89b1912']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-01-16T09:03:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54b8d400-56f4-4318-8431-44ac950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-01-16T09:04:00.000Z",
"modified": "2015-01-16T09:04:00.000Z",
"pattern": "[domain-name:value = 'xubifaremin.eu']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-01-16T09:04:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54b8d400-5fbc-4e33-8b8b-40fc950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-01-16T09:04:00.000Z",
"modified": "2015-01-16T09:04:00.000Z",
"pattern": "[domain-name:value = 'dixemazufel.eu']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-01-16T09:04:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54b8d400-eba0-49eb-9a1e-49cc950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-01-16T09:04:00.000Z",
"modified": "2015-01-16T09:04:00.000Z",
"pattern": "[domain-name:value = 'lyvejujolec.eu']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-01-16T09:04:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54b8d400-5a64-4787-80ff-4d33950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-01-16T09:04:00.000Z",
"modified": "2015-01-16T09:04:00.000Z",
"pattern": "[domain-name:value = 'marytymenok.eu']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-01-16T09:04:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54b8d401-98e4-452d-bfe5-4367950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-01-16T09:04:01.000Z",
"modified": "2015-01-16T09:04:01.000Z",
"pattern": "[domain-name:value = 'vojacikigep.eu']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-01-16T09:04:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54b8d401-d444-4f3c-b032-4336950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-01-16T09:04:01.000Z",
"modified": "2015-01-16T09:04:01.000Z",
"pattern": "[domain-name:value = 'gadufiwabim.eu']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-01-16T09:04:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54b8d401-8a64-4961-9851-4947950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-01-16T09:04:01.000Z",
"modified": "2015-01-16T09:04:01.000Z",
"pattern": "[domain-name:value = 'xuxusujenes.eu']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-01-16T09:04:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54b8d401-2f08-481c-a5e0-49f8950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-01-16T09:04:01.000Z",
"modified": "2015-01-16T09:04:01.000Z",
"pattern": "[domain-name:value = 'fogeliwokih.eu']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-01-16T09:04:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54b8d401-9a34-43a7-b364-4128950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-01-16T09:04:01.000Z",
"modified": "2015-01-16T09:04:01.000Z",
"pattern": "[domain-name:value = 'jewuqyjywyv.eu']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-01-16T09:04:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54b8d401-62c8-41d7-a411-48aa950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-01-16T09:04:01.000Z",
"modified": "2015-01-16T09:04:01.000Z",
"pattern": "[domain-name:value = 'masisokemep.eu']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-01-16T09:04:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54b8d401-4178-4b8e-bb3f-47f1950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-01-16T09:04:01.000Z",
"modified": "2015-01-16T09:04:01.000Z",
"pattern": "[domain-name:value = 'nofyjikoxex.eu']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-01-16T09:04:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54b8d401-3c0c-4e5e-ad2a-4aa9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-01-16T09:04:01.000Z",
"modified": "2015-01-16T09:04:01.000Z",
"pattern": "[domain-name:value = 'qetoqolusex.eu']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-01-16T09:04:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54b8d401-21c4-40d2-8a72-4b0e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-01-16T09:04:01.000Z",
"modified": "2015-01-16T09:04:01.000Z",
"pattern": "[domain-name:value = 'jepororyrih.eu']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-01-16T09:04:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54b8d401-374c-4667-bb9b-45c9950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-01-16T09:04:01.000Z",
"modified": "2015-01-16T09:04:01.000Z",
"pattern": "[domain-name:value = 'rynazuqihoj.eu']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-01-16T09:04:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54b8d401-a238-48d7-90ad-40aa950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-01-16T09:04:01.000Z",
"modified": "2015-01-16T09:04:01.000Z",
"pattern": "[domain-name:value = 'dikoniwudim.eu']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-01-16T09:04:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54b8d401-b8d8-4e5e-a9d7-4cac950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-01-16T09:04:01.000Z",
"modified": "2015-01-16T09:04:01.000Z",
"pattern": "[domain-name:value = 'kemocujufys.eu']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-01-16T09:04:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54b8d402-18b0-4bcf-a93e-454b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-01-16T09:04:02.000Z",
"modified": "2015-01-16T09:04:02.000Z",
"pattern": "[domain-name:value = 'voniqofolyt.eu']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-01-16T09:04:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54b8d402-9978-43ab-b9c6-464e950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-01-16T09:04:02.000Z",
"modified": "2015-01-16T09:04:02.000Z",
"pattern": "[domain-name:value = 'dimutobihom.eu']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-01-16T09:04:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54b8d402-d264-45d2-b5d0-4f04950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-01-16T09:04:02.000Z",
"modified": "2015-01-16T09:04:02.000Z",
"pattern": "[domain-name:value = 'makagucyraj.eu']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-01-16T09:04:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54b8d402-7da0-469c-95a7-4bb6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-01-16T09:04:02.000Z",
"modified": "2015-01-16T09:04:02.000Z",
"pattern": "[domain-name:value = 'qebahilojam.eu']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-01-16T09:04:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54b8d402-4ca8-4cb7-a2ba-4385950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-01-16T09:04:02.000Z",
"modified": "2015-01-16T09:04:02.000Z",
"pattern": "[domain-name:value = 'tufecagemyl.eu']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-01-16T09:04:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--54b8d42d-207c-421a-8b10-4611950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-01-16T09:04:45.000Z",
"modified": "2015-01-16T09:04:45.000Z",
"labels": [
"misp:type=\"comment\"",
"misp:category=\"Network activity\""
],
"x_misp_category": "Network activity",
"x_misp_type": "comment",
"x_misp_value": "Seem to use a domain generation algorithm"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--54b8de9d-49a4-4b93-bb52-4662950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-01-16T09:49:17.000Z",
"modified": "2015-01-16T09:49:17.000Z",
"first_observed": "2015-01-16T09:49:17Z",
"last_observed": "2015-01-16T09:49:17Z",
"number_observed": 1,
"object_refs": [
"url--54b8de9d-49a4-4b93-bb52-4662950d210b"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--54b8de9d-49a4-4b93-bb52-4662950d210b",
"value": "http://doc.emergingthreats.net/bin/view/Main/WebSearch?search=shiz&scope=all&web=Main"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:GREEN",
"definition": {
"tlp": "green"
}
}
]
}