{
|
|
"type": "bundle",
|
|
"id": "bundle--5667e3ea-cec4-4a67-b7c0-f7a9950d210b",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-30T11:55:05.000Z",
|
|
"modified": "2016-12-30T11:55:05.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--5667e3ea-cec4-4a67-b7c0-f7a9950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-12-30T11:55:05.000Z",
|
|
"modified": "2016-12-30T11:55:05.000Z",
|
|
"name": "OSINT - Packrat: Seven Years of a South American Threat Actor",
|
|
"published": "2016-12-30T11:55:22Z",
|
|
"object_refs": [
|
|
"x-misp-attribute--5667e401-6e9c-4eb3-98e1-f81b950d210b",
|
|
"observed-data--5667e410-8d30-43cf-9b1d-f960950d210b",
|
|
"url--5667e410-8d30-43cf-9b1d-f960950d210b",
|
|
"indicator--5667e452-3bf8-471b-acf8-a716950d210b",
|
|
"indicator--5667e453-96b0-4ea7-8fa9-a716950d210b",
|
|
"indicator--5667e453-d6a8-4f26-9595-a716950d210b",
|
|
"indicator--5667e453-9844-4a09-8210-a716950d210b",
|
|
"indicator--5667e454-d170-4f35-b5ab-a716950d210b",
|
|
"indicator--5667e454-8938-4b22-b5b9-a716950d210b",
|
|
"indicator--5667e455-95a4-4032-bfeb-a716950d210b",
|
|
"indicator--5667e455-3cdc-4f27-bc4b-a716950d210b",
|
|
"indicator--5667e455-6c28-47e0-8e49-a716950d210b",
|
|
"indicator--5667e456-bd6c-4d1a-8598-a716950d210b",
|
|
"indicator--5667e456-2854-42f3-aa2e-a716950d210b",
|
|
"indicator--5667e457-44e4-48b8-8e12-a716950d210b",
|
|
"indicator--5667e457-474c-45c8-bdaf-a716950d210b",
|
|
"indicator--5667e457-9a50-4638-8336-a716950d210b",
|
|
"indicator--5667e458-d6ac-4a1e-818e-a716950d210b",
|
|
"indicator--5667e458-ddf4-46db-975f-a716950d210b",
|
|
"indicator--5667e459-e850-4104-bb40-a716950d210b",
|
|
"indicator--5667e459-43b4-4d18-8872-a716950d210b",
|
|
"indicator--5667e459-983c-43e3-957e-a716950d210b",
|
|
"indicator--5667e45a-9ad4-4a75-884a-a716950d210b",
|
|
"indicator--5667e45a-1054-4477-8565-a716950d210b",
|
|
"indicator--5667e45b-a24c-450f-88c8-a716950d210b",
|
|
"indicator--5667e45b-406c-4a1e-a719-a716950d210b",
|
|
"indicator--5667e45b-f2fc-4b3a-a444-a716950d210b",
|
|
"indicator--5667e47f-5094-40f4-9c1a-f960950d210b",
|
|
"indicator--5667e4a8-1b1c-48b6-9795-f81b950d210b",
|
|
"indicator--5667e4a8-71a0-40f7-b18e-f81b950d210b",
|
|
"indicator--5667e4a9-0a2c-497f-b668-f81b950d210b",
|
|
"indicator--5667e4a9-f478-42aa-b3aa-f81b950d210b",
|
|
"indicator--5667e4aa-20e4-41ef-ba84-f81b950d210b",
|
|
"indicator--5667e4aa-4a54-40ef-aefd-f81b950d210b",
|
|
"indicator--5667e4aa-bf4c-4fd9-93cc-f81b950d210b",
|
|
"indicator--5667e4ab-dd04-49c9-bd1a-f81b950d210b",
|
|
"indicator--5667e4ab-a764-4673-9d1b-f81b950d210b",
|
|
"indicator--5667e4ac-d7c8-4e98-ae7a-f81b950d210b",
|
|
"indicator--5667e4ac-aa0c-4669-9241-f81b950d210b",
|
|
"indicator--5667e4ad-92fc-4ba3-b301-f81b950d210b",
|
|
"indicator--5667e4ad-1784-4d65-8e7f-f81b950d210b",
|
|
"x-misp-attribute--5667e4c9-549c-4a4f-8db4-e992950d210b",
|
|
"indicator--5667e4e2-db00-4452-ae1e-edb5950d210b",
|
|
"indicator--5667e4e3-42e0-4ffc-b9e7-edb5950d210b",
|
|
"indicator--5667e4e3-0958-4c15-aae1-edb5950d210b",
|
|
"indicator--5667e4e4-0b54-4931-b663-edb5950d210b",
|
|
"indicator--5667e4e4-b994-4df8-98ee-edb5950d210b",
|
|
"indicator--5667e4e4-caa8-4af6-ae94-edb5950d210b",
|
|
"indicator--5667e4e5-08d0-4fe7-89ac-edb5950d210b",
|
|
"indicator--5667e4e5-f194-43f2-ad6d-edb5950d210b",
|
|
"indicator--5667e4e6-922c-4cc7-a8b5-edb5950d210b",
|
|
"indicator--5667e4e6-2b24-4264-b41c-edb5950d210b",
|
|
"indicator--5667e4e6-903c-42b2-8477-edb5950d210b",
|
|
"indicator--5667e4e7-6978-4808-b4e8-edb5950d210b",
|
|
"indicator--5667e4e7-995c-46eb-8f36-edb5950d210b",
|
|
"indicator--5667e4e8-c328-4a10-a6d6-edb5950d210b",
|
|
"indicator--5667e4e8-cbf8-4379-844e-edb5950d210b",
|
|
"indicator--5667e4e8-cdc4-43b0-a73e-edb5950d210b",
|
|
"indicator--5667e507-0344-4359-a157-f960950d210b",
|
|
"indicator--5667e508-ca08-4949-9e4b-f960950d210b",
|
|
"indicator--5667e508-90a4-4701-b9f8-f960950d210b",
|
|
"indicator--5667e509-bd5c-4596-a28b-f960950d210b",
|
|
"indicator--5667e509-545c-4ba7-bc6b-f960950d210b",
|
|
"indicator--5667e50a-daf4-455a-a8a9-f960950d210b",
|
|
"indicator--5667e50b-ab48-4dc1-86fa-f960950d210b",
|
|
"indicator--5667e50b-6a9c-480c-9242-f960950d210b",
|
|
"indicator--5667e50c-3ccc-475a-b15a-f960950d210b",
|
|
"indicator--5667e50c-cddc-4309-b155-f960950d210b",
|
|
"indicator--5667e50d-793c-4a5a-a478-f960950d210b",
|
|
"indicator--5667e50d-f5ec-42ed-8ac6-f960950d210b",
|
|
"indicator--5667e50e-e410-459a-b2ed-f960950d210b",
|
|
"indicator--5667e50e-e490-40e2-bd98-f960950d210b",
|
|
"indicator--5667e50f-6db0-4064-bd55-f960950d210b",
|
|
"indicator--5667e510-02bc-493c-8240-f960950d210b",
|
|
"indicator--5667e511-e4e8-4892-9027-f960950d210b",
|
|
"indicator--5667e511-7824-4f52-a52d-f960950d210b",
|
|
"indicator--5667e511-6ac0-4635-bd58-f960950d210b",
|
|
"indicator--5667e512-9bbc-4cb6-8288-f960950d210b",
|
|
"indicator--5667e512-3624-4358-9bc6-f960950d210b",
|
|
"indicator--5667e513-7340-49f8-ae5f-f960950d210b",
|
|
"indicator--5667e513-5658-4783-8e49-f960950d210b",
|
|
"indicator--5667e513-4720-48ae-87fc-f960950d210b",
|
|
"indicator--5667e514-abc4-4173-b18e-f960950d210b",
|
|
"indicator--5667e514-92a8-424f-98af-f960950d210b",
|
|
"indicator--5667e515-1c04-4d03-8b70-f960950d210b",
|
|
"indicator--5667e515-0730-4e79-9d2c-f960950d210b",
|
|
"indicator--5667e515-bc58-44a4-88af-f960950d210b",
|
|
"indicator--5667e516-c4f0-46cb-b238-f960950d210b",
|
|
"indicator--5667e516-f010-4bac-8040-f960950d210b",
|
|
"indicator--5667e53b-3ca4-4eee-bf5d-4e13950d210b",
|
|
"observed-data--5667e577-2274-451b-9464-4bb9950d210b",
|
|
"url--5667e577-2274-451b-9464-4bb9950d210b",
|
|
"indicator--5667e577-20e8-4751-ae33-4a5e950d210b",
|
|
"indicator--5667e578-4b0c-4c1e-b926-435c950d210b",
|
|
"observed-data--5667e578-6fd4-43f7-9b32-443f950d210b",
|
|
"url--5667e578-6fd4-43f7-9b32-443f950d210b",
|
|
"indicator--5667e578-cb50-4d2f-a8f3-420e950d210b",
|
|
"indicator--5667e579-61e8-4a3a-a281-47ab950d210b",
|
|
"observed-data--5667e579-8a8c-4006-9f0d-444e950d210b",
|
|
"url--5667e579-8a8c-4006-9f0d-444e950d210b",
|
|
"indicator--5667e57a-8ff4-4c0c-b502-457a950d210b",
|
|
"indicator--5667e57a-65b0-41b0-a157-490a950d210b",
|
|
"observed-data--5667e57b-d2bc-4d76-ad4c-4686950d210b",
|
|
"url--5667e57b-d2bc-4d76-ad4c-4686950d210b",
|
|
"indicator--5667e57b-31e0-4526-b653-4562950d210b",
|
|
"indicator--5667e57b-f5c0-47fd-96f1-4f7d950d210b",
|
|
"observed-data--5667e57c-d3d8-491e-8b45-4dfe950d210b",
|
|
"url--5667e57c-d3d8-491e-8b45-4dfe950d210b",
|
|
"indicator--5667e57c-afb4-40f5-8d26-4310950d210b",
|
|
"indicator--5667e57d-6338-46cd-a192-426d950d210b",
|
|
"observed-data--5667e57d-54b0-4922-8622-492f950d210b",
|
|
"url--5667e57d-54b0-4922-8622-492f950d210b",
|
|
"indicator--5667e57d-b090-4188-beea-4594950d210b",
|
|
"indicator--5667e57e-49f0-4e1f-a813-4ced950d210b",
|
|
"observed-data--5667e57e-b1bc-4e87-ab9e-4352950d210b",
|
|
"url--5667e57e-b1bc-4e87-ab9e-4352950d210b",
|
|
"indicator--5667e57f-c0a8-4481-838f-44ea950d210b",
|
|
"indicator--5667e57f-b860-4cd8-b8c2-4385950d210b",
|
|
"observed-data--5667e57f-ee74-4aa4-a678-422e950d210b",
|
|
"url--5667e57f-ee74-4aa4-a678-422e950d210b",
|
|
"indicator--5667e580-eb28-4342-9146-4dc2950d210b",
|
|
"indicator--5667e580-dbf4-497e-b8aa-4ef0950d210b",
|
|
"observed-data--5667e581-0b4c-4284-af44-4a26950d210b",
|
|
"url--5667e581-0b4c-4284-af44-4a26950d210b",
|
|
"indicator--5667e581-39f8-44d5-89cf-4714950d210b",
|
|
"indicator--5667e582-f7a0-4922-95c1-48d5950d210b",
|
|
"observed-data--5667e582-f768-4519-b17c-4ea0950d210b",
|
|
"url--5667e582-f768-4519-b17c-4ea0950d210b",
|
|
"indicator--5667e582-a8fc-47b9-b870-4726950d210b",
|
|
"indicator--5667e583-23b4-4e42-84e7-4774950d210b",
|
|
"observed-data--5667e583-0974-4a75-8e37-4f00950d210b",
|
|
"url--5667e583-0974-4a75-8e37-4f00950d210b",
|
|
"indicator--5667e584-520c-4a98-99c8-4f2b950d210b",
|
|
"indicator--5667e584-8210-411c-aae7-4f3f950d210b",
|
|
"observed-data--5667e584-c494-4cbb-8bb8-428f950d210b",
|
|
"url--5667e584-c494-4cbb-8bb8-428f950d210b",
|
|
"indicator--5667e585-5c5c-4337-9504-4fe4950d210b",
|
|
"indicator--5667e585-d7e0-43ac-a5f6-4bfa950d210b",
|
|
"indicator--5667e680-8cec-4889-98f7-edb5950d210b",
|
|
"indicator--5667e681-d538-418a-9a13-edb5950d210b",
|
|
"indicator--5667e681-be28-4961-9760-edb5950d210b",
|
|
"indicator--5667e681-7044-4b83-9732-edb5950d210b",
|
|
"indicator--5667e682-9550-4fa5-b0d8-edb5950d210b",
|
|
"indicator--5667e682-9908-41b8-9545-edb5950d210b",
|
|
"indicator--5667e683-2b70-4b75-ad2c-edb5950d210b",
|
|
"indicator--5667e683-2dac-46cc-b3a3-edb5950d210b",
|
|
"indicator--5667e683-eaa4-4922-8f96-edb5950d210b",
|
|
"indicator--5667e684-6370-4800-9824-edb5950d210b",
|
|
"indicator--5667e684-8b98-4caa-b3ad-edb5950d210b",
|
|
"indicator--5667e685-573c-4291-afd5-edb5950d210b",
|
|
"indicator--5667e685-05e0-4e09-b025-edb5950d210b",
|
|
"indicator--5667e686-6b74-4921-8c3c-edb5950d210b",
|
|
"indicator--5667e687-2364-49c6-b12a-edb5950d210b",
|
|
"indicator--5667e688-f720-4205-be66-edb5950d210b",
|
|
"indicator--5667e688-35f0-4bea-a2a4-edb5950d210b",
|
|
"indicator--5667e689-1c74-457f-9003-edb5950d210b",
|
|
"indicator--5667e689-d464-4524-ae77-edb5950d210b",
|
|
"indicator--5667e68a-c428-47b6-8e89-edb5950d210b",
|
|
"indicator--5667e68a-bc2c-4922-9ead-edb5950d210b",
|
|
"indicator--5667e68b-818c-47cd-be91-edb5950d210b",
|
|
"indicator--5667e68c-ca04-403c-b56a-edb5950d210b",
|
|
"indicator--5667e68d-62e0-4ec9-a6e1-edb5950d210b",
|
|
"indicator--5667e68d-ba10-41c7-a602-edb5950d210b",
|
|
"indicator--5667e68d-2e38-4246-9aaf-edb5950d210b",
|
|
"indicator--5667e68e-29fc-4121-814c-edb5950d210b",
|
|
"indicator--5667e68e-02b8-4922-a4ab-edb5950d210b",
|
|
"indicator--5667e68f-4968-46d1-a6fb-edb5950d210b"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"type:OSINT",
|
|
"misp-galaxy:threat-actor=\"Packrat\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--5667e401-6e9c-4eb3-98e1-f81b950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:19:13.000Z",
|
|
"modified": "2015-12-09T08:19:13.000Z",
|
|
"labels": [
|
|
"misp:type=\"comment\"",
|
|
"misp:category=\"External analysis\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "comment",
|
|
"x_misp_value": "This report describes an extensive malware, phishing, and disinformation campaign active in several Latin American countries, including Ecuador, Argentina, Venezuela, and Brazil. The nature and geographic spread of the targets seems to point to a sponsor, or sponsors, with regional, political interests. The attackers, whom we have named Packrat, have shown a keen and systematic interest in the political opposition and the independent press in so-called ALBA countries (Bolivarian Alternative for the Americas), and their recently allied regimes. These countries are linked by a trade agreement as well as a cooperation on a range of non-financial matters.\r\n\r\nAfter observing a wave of attacks in Ecuador in 2015, we linked these attacks to a campaign active in Argentina in 2014. The targeting in Argentina was discovered when the attackers attempted to compromise the devices of Alberto Nisman and Jorge Lanata. Building on what we had learned about these two campaigns, we then traced the group\u2019s activities back as far as 2008.\r\n\r\nThis report brings together many of the pieces of this campaign, from malware and phishing, to command and control infrastructure spread across Latin America. It also highlights fake online organizations that Packrat has created in Venezuela and Ecuador. Who is responsible? We assess several scenarios, and consider the most likely to be that Packrat is sponsored by a state actor or actors, given their apparent lack of concern about discovery, their targets, and their persistence. However, we do not conclusively attribute Packrat to a particular sponsor."
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5667e410-8d30-43cf-9b1d-f960950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:19:28.000Z",
|
|
"modified": "2015-12-09T08:19:28.000Z",
|
|
"first_observed": "2015-12-09T08:19:28Z",
|
|
"last_observed": "2015-12-09T08:19:28Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5667e410-8d30-43cf-9b1d-f960950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5667e410-8d30-43cf-9b1d-f960950d210b",
|
|
"value": "https://citizenlab.org/2015/12/packrat-report/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e452-3bf8-471b-acf8-a716950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:20:34.000Z",
|
|
"modified": "2015-12-09T08:20:34.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[file:hashes.MD5 = 'dd1101adc86fd282f5f183942cc2f3b7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:20:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e453-96b0-4ea7-8fa9-a716950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:20:35.000Z",
|
|
"modified": "2015-12-09T08:20:35.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[domain-name:value = 'wjwj.no-ip.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:20:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e453-d6a8-4f26-9595-a716950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:20:35.000Z",
|
|
"modified": "2015-12-09T08:20:35.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[domain-name:value = 'ruley.no-ip.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:20:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e453-9844-4a09-8210-a716950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:20:35.000Z",
|
|
"modified": "2015-12-09T08:20:35.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[domain-name:value = 'lolinha.no-ip.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:20:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e454-d170-4f35-b5ab-a716950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:20:36.000Z",
|
|
"modified": "2015-12-09T08:20:36.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[file:hashes.MD5 = '2d722592a4e3c8030410dccccb221ce4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:20:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e454-8938-4b22-b5b9-a716950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:20:36.000Z",
|
|
"modified": "2015-12-09T08:20:36.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[file:hashes.MD5 = 'd2adecc6287dd4d559fe6ce2ce7a7e31']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:20:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e455-95a4-4032-bfeb-a716950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:20:37.000Z",
|
|
"modified": "2015-12-09T08:20:37.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[file:hashes.MD5 = '93b630891db21a4a2350280a360c713d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:20:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e455-3cdc-4f27-bc4b-a716950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:20:37.000Z",
|
|
"modified": "2015-12-09T08:20:37.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[file:hashes.MD5 = 'a73351623577f44a2b578fed1e78e37e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:20:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e455-6c28-47e0-8e49-a716950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:20:37.000Z",
|
|
"modified": "2015-12-09T08:20:37.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[file:hashes.MD5 = '5a8975873f52436377d8fb0b5ab0d87a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:20:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e456-bd6c-4d1a-8598-a716950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:20:38.000Z",
|
|
"modified": "2015-12-09T08:20:38.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[file:hashes.MD5 = 'ed8d7ed45b64890b8901b735018318f3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:20:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e456-2854-42f3-aa2e-a716950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:20:38.000Z",
|
|
"modified": "2015-12-09T08:20:38.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[file:hashes.MD5 = 'c2237e9d415f542ce6e73adb260af123']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:20:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e457-44e4-48b8-8e12-a716950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:20:39.000Z",
|
|
"modified": "2015-12-09T08:20:39.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[file:hashes.MD5 = '2827450763b55c5e71fda3caaf8e75f9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:20:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e457-474c-45c8-bdaf-a716950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:20:39.000Z",
|
|
"modified": "2015-12-09T08:20:39.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[file:hashes.MD5 = 'bc97437fec7e7e8634c2eabae3cc4832']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:20:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e457-9a50-4638-8336-a716950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:20:39.000Z",
|
|
"modified": "2015-12-09T08:20:39.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[domain-name:value = 'taskmgr.serveftp.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:20:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e458-d6ac-4a1e-818e-a716950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:20:40.000Z",
|
|
"modified": "2015-12-09T08:20:40.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[file:hashes.MD5 = 'd7f34168b1a7dd7cbd8e62a5ab1ebc0e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:20:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e458-ddf4-46db-975f-a716950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:20:40.000Z",
|
|
"modified": "2015-12-09T08:20:40.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[domain-name:value = 'taskmgr.servehttp.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:20:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e459-e850-4104-bb40-a716950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:20:41.000Z",
|
|
"modified": "2015-12-09T08:20:41.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[file:hashes.MD5 = '6c34d4296126679d9c6a0bc2660dc453']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:20:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e459-43b4-4d18-8872-a716950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:20:41.000Z",
|
|
"modified": "2015-12-09T08:20:41.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[file:hashes.MD5 = 'efc0009d76a2057f86c5f00030378c72']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:20:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e459-983c-43e3-957e-a716950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:20:41.000Z",
|
|
"modified": "2015-12-09T08:20:41.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[domain-name:value = 'daynews.sytes.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:20:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e45a-9ad4-4a75-884a-a716950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:20:42.000Z",
|
|
"modified": "2015-12-09T08:20:42.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[file:hashes.MD5 = '74613eae84347183b4ca61b912a4573f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e45a-1054-4477-8565-a716950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:20:42.000Z",
|
|
"modified": "2015-12-09T08:20:42.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[file:hashes.MD5 = 'd2f151312f7dee2483ddcab9766b56db']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:20:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e45b-a24c-450f-88c8-a716950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:20:43.000Z",
|
|
"modified": "2015-12-09T08:20:43.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[file:hashes.MD5 = 'ea7bcf58a4ccdecb0c64e56b9998a4ac']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:20:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e45b-406c-4a1e-a719-a716950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:20:43.000Z",
|
|
"modified": "2015-12-09T08:20:43.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[file:hashes.MD5 = '1e4265a0c37773c2372b97bb6630ae57']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:20:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e45b-f2fc-4b3a-a444-a716950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:20:43.000Z",
|
|
"modified": "2015-12-09T08:20:43.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[file:hashes.MD5 = '08a3bb5b220eb1e0dc2ecccbbc6859f5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:20:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e47f-5094-40f4-9c1a-f960950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:21:19.000Z",
|
|
"modified": "2015-12-09T08:21:19.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.12.150.249']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:21:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e4a8-1b1c-48b6-9795-f81b950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:22:00.000Z",
|
|
"modified": "2015-12-09T08:22:00.000Z",
|
|
"description": "Suspicious domains registered by enripintos123@outlook.es",
|
|
"pattern": "[domain-name:value = 'support-java.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:22:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e4a8-71a0-40f7-b18e-f81b950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:22:00.000Z",
|
|
"modified": "2015-12-09T08:22:00.000Z",
|
|
"description": "Suspicious domains registered by enripintos123@outlook.es",
|
|
"pattern": "[domain-name:value = 'lavozamericana.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:22:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e4a9-0a2c-497f-b668-f81b950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:22:01.000Z",
|
|
"modified": "2015-12-09T08:22:01.000Z",
|
|
"description": "Suspicious domains registered by enripintos123@outlook.es",
|
|
"pattern": "[domain-name:value = 'login-office365.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:22:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e4a9-f478-42aa-b3aa-f81b950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:22:01.000Z",
|
|
"modified": "2015-12-09T08:22:01.000Z",
|
|
"description": "Suspicious domains registered by enripintos123@outlook.es",
|
|
"pattern": "[domain-name:value = 'support-whatsapp.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:22:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e4aa-20e4-41ef-ba84-f81b950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:22:02.000Z",
|
|
"modified": "2015-12-09T08:22:02.000Z",
|
|
"description": "Suspicious domains registered by enripintos123@outlook.es",
|
|
"pattern": "[domain-name:value = 'mgoogle.us']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:22:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e4aa-4a54-40ef-aefd-f81b950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:22:02.000Z",
|
|
"modified": "2015-12-09T08:22:02.000Z",
|
|
"description": "Suspicious domains registered by enripintos123@outlook.es",
|
|
"pattern": "[domain-name:value = 'android-flash.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:22:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e4aa-bf4c-4fd9-93cc-f81b950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:22:02.000Z",
|
|
"modified": "2015-12-09T08:22:02.000Z",
|
|
"description": "Suspicious domains registered by enripintos123@outlook.es",
|
|
"pattern": "[domain-name:value = 'pancaliente.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:22:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e4ab-dd04-49c9-bd1a-f81b950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:22:03.000Z",
|
|
"modified": "2015-12-09T08:22:03.000Z",
|
|
"description": "Suspicious domains registered by enripintos123@outlook.es",
|
|
"pattern": "[domain-name:value = 'soporte-gmail.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:22:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e4ab-a764-4673-9d1b-f81b950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:22:03.000Z",
|
|
"modified": "2015-12-09T08:22:03.000Z",
|
|
"description": "Suspicious domains registered by enripintos123@outlook.es",
|
|
"pattern": "[domain-name:value = 'soporte-yahoo.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:22:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e4ac-d7c8-4e98-ae7a-f81b950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:22:04.000Z",
|
|
"modified": "2015-12-09T08:22:04.000Z",
|
|
"description": "Suspicious domains registered by enripintos123@outlook.es",
|
|
"pattern": "[domain-name:value = 'autorizacion-gmail.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:22:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e4ac-aa0c-4669-9241-f81b950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:22:04.000Z",
|
|
"modified": "2015-12-09T08:22:04.000Z",
|
|
"description": "Suspicious domains registered by enripintos123@outlook.es",
|
|
"pattern": "[domain-name:value = 'support-gmail.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:22:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e4ad-92fc-4ba3-b301-f81b950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:22:05.000Z",
|
|
"modified": "2015-12-09T08:22:05.000Z",
|
|
"description": "Suspicious domains registered by enripintos123@outlook.es",
|
|
"pattern": "[domain-name:value = 'login-outlook.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:22:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e4ad-1784-4d65-8e7f-f81b950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:22:05.000Z",
|
|
"modified": "2015-12-09T08:22:05.000Z",
|
|
"description": "Suspicious domains registered by enripintos123@outlook.es",
|
|
"pattern": "[domain-name:value = 'logon-outlook.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:22:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--5667e4c9-549c-4a4f-8db4-e992950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:22:33.000Z",
|
|
"modified": "2015-12-09T08:22:33.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Attribution\""
|
|
],
|
|
"x_misp_category": "Attribution",
|
|
"x_misp_comment": "Whois record (registrant)",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "enripintos123@outlook.es"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e4e2-db00-4452-ae1e-edb5950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:22:58.000Z",
|
|
"modified": "2015-12-09T08:22:58.000Z",
|
|
"description": "193.105.134.27",
|
|
"pattern": "[domain-name:value = 'support-login-validate-outlook.tk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:22:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e4e3-42e0-4ffc-b9e7-edb5950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:22:59.000Z",
|
|
"modified": "2015-12-09T08:22:59.000Z",
|
|
"description": "193.105.134.27",
|
|
"pattern": "[domain-name:value = 'verify-gmail-support-secure.tk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:22:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e4e3-0958-4c15-aae1-edb5950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:22:59.000Z",
|
|
"modified": "2015-12-09T08:22:59.000Z",
|
|
"description": "193.105.134.27",
|
|
"pattern": "[domain-name:value = 'soporte-login-account-gmail.tk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:22:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e4e4-0b54-4931-b663-edb5950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:23:00.000Z",
|
|
"modified": "2015-12-09T08:23:00.000Z",
|
|
"description": "193.105.134.27",
|
|
"pattern": "[domain-name:value = 'soporte-login-account-yahoo.tk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:23:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e4e4-b994-4df8-98ee-edb5950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:23:00.000Z",
|
|
"modified": "2015-12-09T08:23:00.000Z",
|
|
"description": "193.105.134.27",
|
|
"pattern": "[domain-name:value = 'focusecuador.tk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:23:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e4e4-caa8-4af6-ae94-edb5950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:23:00.000Z",
|
|
"modified": "2015-12-09T08:23:00.000Z",
|
|
"description": "193.105.134.27",
|
|
"pattern": "[domain-name:value = '1.update-outlook.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:23:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e4e5-08d0-4fe7-89ac-edb5950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:23:01.000Z",
|
|
"modified": "2015-12-09T08:23:01.000Z",
|
|
"description": "193.105.134.27",
|
|
"pattern": "[domain-name:value = '2.update-outlook.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:23:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e4e5-f194-43f2-ad6d-edb5950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:23:01.000Z",
|
|
"modified": "2015-12-09T08:23:01.000Z",
|
|
"description": "193.105.134.27",
|
|
"pattern": "[domain-name:value = '1.desk-yahoo.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:23:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e4e6-922c-4cc7-a8b5-edb5950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:23:02.000Z",
|
|
"modified": "2015-12-09T08:23:02.000Z",
|
|
"description": "193.105.134.27",
|
|
"pattern": "[domain-name:value = '2.desk-yahoo.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:23:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e4e6-2b24-4264-b41c-edb5950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:23:02.000Z",
|
|
"modified": "2015-12-09T08:23:02.000Z",
|
|
"description": "193.105.134.27",
|
|
"pattern": "[domain-name:value = '2.mlogin-outlook.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:23:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e4e6-903c-42b2-8477-edb5950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:23:02.000Z",
|
|
"modified": "2015-12-09T08:23:02.000Z",
|
|
"description": "193.105.134.27",
|
|
"pattern": "[domain-name:value = '1.mlogin-outlook.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:23:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e4e7-6978-4808-b4e8-edb5950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:23:03.000Z",
|
|
"modified": "2015-12-09T08:23:03.000Z",
|
|
"description": "193.105.134.27",
|
|
"pattern": "[domain-name:value = '1.soporte-google.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:23:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e4e7-995c-46eb-8f36-edb5950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:23:03.000Z",
|
|
"modified": "2015-12-09T08:23:03.000Z",
|
|
"description": "193.105.134.27",
|
|
"pattern": "[domain-name:value = '2.soporte-google.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:23:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e4e8-c328-4a10-a6d6-edb5950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:23:04.000Z",
|
|
"modified": "2015-12-09T08:23:04.000Z",
|
|
"description": "193.105.134.27",
|
|
"pattern": "[domain-name:value = 'mlogin-outlook.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:23:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e4e8-cbf8-4379-844e-edb5950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:23:04.000Z",
|
|
"modified": "2015-12-09T08:23:04.000Z",
|
|
"description": "193.105.134.27",
|
|
"pattern": "[domain-name:value = 'ns2.mlogin-outlook.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:23:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e4e8-cdc4-43b0-a73e-edb5950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:23:04.000Z",
|
|
"modified": "2015-12-09T08:23:04.000Z",
|
|
"description": "193.105.134.27",
|
|
"pattern": "[domain-name:value = 'ns1.mlogin-outlook.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:23:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e507-0344-4359-a157-f960950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:23:35.000Z",
|
|
"modified": "2015-12-09T08:23:35.000Z",
|
|
"description": "198.12.150.249",
|
|
"pattern": "[domain-name:value = 'soporte-yahoo.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:23:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e508-ca08-4949-9e4b-f960950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:23:36.000Z",
|
|
"modified": "2015-12-09T08:23:36.000Z",
|
|
"description": "198.12.150.249",
|
|
"pattern": "[domain-name:value = 'update-outlook.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:23:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e508-90a4-4701-b9f8-f960950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:23:36.000Z",
|
|
"modified": "2015-12-09T08:23:36.000Z",
|
|
"description": "198.12.150.249",
|
|
"pattern": "[domain-name:value = 'deyrep.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:23:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e509-bd5c-4596-a28b-f960950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:23:37.000Z",
|
|
"modified": "2015-12-09T08:23:37.000Z",
|
|
"description": "198.12.150.249",
|
|
"pattern": "[domain-name:value = 'support-whatsapp.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:23:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e509-545c-4ba7-bc6b-f960950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:23:37.000Z",
|
|
"modified": "2015-12-09T08:23:37.000Z",
|
|
"description": "198.12.150.249",
|
|
"pattern": "[domain-name:value = 'blackboxmusic.co']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:23:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e50a-daf4-455a-a8a9-f960950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:23:38.000Z",
|
|
"modified": "2015-12-09T08:23:38.000Z",
|
|
"description": "198.12.150.249",
|
|
"pattern": "[domain-name:value = 'www.blackboxmusic.co']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:23:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e50b-ab48-4dc1-86fa-f960950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:23:39.000Z",
|
|
"modified": "2015-12-09T08:23:39.000Z",
|
|
"description": "198.12.150.249",
|
|
"pattern": "[domain-name:value = 'mail-account-update.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:23:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e50b-6a9c-480c-9242-f960950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:23:39.000Z",
|
|
"modified": "2015-12-09T08:23:39.000Z",
|
|
"description": "198.12.150.249",
|
|
"pattern": "[domain-name:value = 'soporte-gmail.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:23:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e50c-3ccc-475a-b15a-f960950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:23:40.000Z",
|
|
"modified": "2015-12-09T08:23:40.000Z",
|
|
"description": "198.12.150.249",
|
|
"pattern": "[domain-name:value = 'login-office365.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:23:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e50c-cddc-4309-b155-f960950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:23:40.000Z",
|
|
"modified": "2015-12-09T08:23:40.000Z",
|
|
"description": "198.12.150.249",
|
|
"pattern": "[domain-name:value = 'lavozmericana.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:23:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e50d-793c-4a5a-a478-f960950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:23:41.000Z",
|
|
"modified": "2015-12-09T08:23:41.000Z",
|
|
"description": "198.12.150.249",
|
|
"pattern": "[domain-name:value = 'support-java.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:23:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e50d-f5ec-42ed-8ac6-f960950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:23:41.000Z",
|
|
"modified": "2015-12-09T08:23:41.000Z",
|
|
"description": "198.12.150.249",
|
|
"pattern": "[domain-name:value = 'pancaliente.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:23:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e50e-e410-459a-b2ed-f960950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:23:42.000Z",
|
|
"modified": "2015-12-09T08:23:42.000Z",
|
|
"description": "198.12.150.249",
|
|
"pattern": "[domain-name:value = 'logon-outlook.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:23:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e50e-e490-40e2-bd98-f960950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:23:42.000Z",
|
|
"modified": "2015-12-09T08:23:42.000Z",
|
|
"description": "198.12.150.249",
|
|
"pattern": "[domain-name:value = 'movimientoanticorreista.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:23:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e50f-6db0-4064-bd55-f960950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:23:43.000Z",
|
|
"modified": "2015-12-09T08:23:43.000Z",
|
|
"description": "198.12.150.249",
|
|
"pattern": "[domain-name:value = 'mgoogle.us']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:23:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e510-02bc-493c-8240-f960950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:23:44.000Z",
|
|
"modified": "2015-12-09T08:23:44.000Z",
|
|
"description": "198.12.150.249",
|
|
"pattern": "[domain-name:value = 'lavozamericana.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:23:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e511-e4e8-4892-9027-f960950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:23:45.000Z",
|
|
"modified": "2015-12-09T08:23:45.000Z",
|
|
"description": "198.12.150.249",
|
|
"pattern": "[domain-name:value = 'n3.pancaliente.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:23:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e511-7824-4f52-a52d-f960950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:23:45.000Z",
|
|
"modified": "2015-12-09T08:23:45.000Z",
|
|
"description": "198.12.150.249",
|
|
"pattern": "[domain-name:value = 'n4.pancaliente.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:23:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e511-6ac0-4635-bd58-f960950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:23:45.000Z",
|
|
"modified": "2015-12-09T08:23:45.000Z",
|
|
"description": "198.12.150.249",
|
|
"pattern": "[domain-name:value = 'ns1.deyrep.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:23:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e512-9bbc-4cb6-8288-f960950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:23:46.000Z",
|
|
"modified": "2015-12-09T08:23:46.000Z",
|
|
"description": "198.12.150.249",
|
|
"pattern": "[domain-name:value = 'ns2.deyrep.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:23:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e512-3624-4358-9bc6-f960950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:23:46.000Z",
|
|
"modified": "2015-12-09T08:23:46.000Z",
|
|
"description": "198.12.150.249",
|
|
"pattern": "[domain-name:value = 'n1.login-office365.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:23:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e513-7340-49f8-ae5f-f960950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:23:47.000Z",
|
|
"modified": "2015-12-09T08:23:47.000Z",
|
|
"description": "198.12.150.249",
|
|
"pattern": "[domain-name:value = 'n2.login-office365.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:23:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e513-5658-4783-8e49-f960950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:23:47.000Z",
|
|
"modified": "2015-12-09T08:23:47.000Z",
|
|
"description": "198.12.150.249",
|
|
"pattern": "[domain-name:value = '1.lavozamericana.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:23:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e513-4720-48ae-87fc-f960950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:23:47.000Z",
|
|
"modified": "2015-12-09T08:23:47.000Z",
|
|
"description": "198.12.150.249",
|
|
"pattern": "[domain-name:value = '2.lavozamericana.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:23:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e514-abc4-4173-b18e-f960950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:23:48.000Z",
|
|
"modified": "2015-12-09T08:23:48.000Z",
|
|
"description": "198.12.150.249",
|
|
"pattern": "[domain-name:value = 'n1.update-outlook.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:23:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e514-92a8-424f-98af-f960950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:23:48.000Z",
|
|
"modified": "2015-12-09T08:23:48.000Z",
|
|
"description": "198.12.150.249",
|
|
"pattern": "[domain-name:value = 'ns.update-outlook.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:23:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e515-1c04-4d03-8b70-f960950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:23:49.000Z",
|
|
"modified": "2015-12-09T08:23:49.000Z",
|
|
"description": "198.12.150.249",
|
|
"pattern": "[domain-name:value = '1.chavistas24.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:23:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e515-0730-4e79-9d2c-f960950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:23:49.000Z",
|
|
"modified": "2015-12-09T08:23:49.000Z",
|
|
"description": "198.12.150.249",
|
|
"pattern": "[domain-name:value = '2.chavistas24.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:23:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e515-bc58-44a4-88af-f960950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:23:49.000Z",
|
|
"modified": "2015-12-09T08:23:49.000Z",
|
|
"description": "198.12.150.249",
|
|
"pattern": "[domain-name:value = 's1.mgoogle.us']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:23:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e516-c4f0-46cb-b238-f960950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:23:50.000Z",
|
|
"modified": "2015-12-09T08:23:50.000Z",
|
|
"description": "198.12.150.249",
|
|
"pattern": "[domain-name:value = 's2.mgoogle.us']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:23:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e516-f010-4bac-8040-f960950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:23:50.000Z",
|
|
"modified": "2015-12-09T08:23:50.000Z",
|
|
"description": "198.12.150.249",
|
|
"pattern": "[domain-name:value = 'chavistas24.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:23:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e53b-3ca4-4eee-bf5d-4e13950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:24:27.000Z",
|
|
"modified": "2015-12-09T08:24:27.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.105.134.27']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:24:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5667e577-2274-451b-9464-4bb9950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:25:27.000Z",
|
|
"modified": "2015-12-09T08:25:27.000Z",
|
|
"first_observed": "2015-12-09T08:25:27Z",
|
|
"last_observed": "2015-12-09T08:25:27Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5667e577-2274-451b-9464-4bb9950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5667e577-2274-451b-9464-4bb9950d210b",
|
|
"value": "https://www.virustotal.com/file/56ea4781ccefb7596e77fcb7a57fb703007f2fb9b94fe33a3cc5257ab7996d1c/analysis/1449039349/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e577-20e8-4751-ae33-4a5e950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:25:27.000Z",
|
|
"modified": "2015-12-09T08:25:27.000Z",
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 6c34d4296126679d9c6a0bc2660dc453",
|
|
"pattern": "[file:hashes.SHA256 = '1f76c2957c2c39ec83a817479dda38c5047d153dbe466c2aabff7b4354e0647f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:25:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e578-4b0c-4c1e-b926-435c950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:25:28.000Z",
|
|
"modified": "2015-12-09T08:25:28.000Z",
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 6c34d4296126679d9c6a0bc2660dc453",
|
|
"pattern": "[file:hashes.SHA1 = '8418833e6898e07c8a3124ec79ccb531306830c2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:25:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5667e578-6fd4-43f7-9b32-443f950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:25:28.000Z",
|
|
"modified": "2015-12-09T08:25:28.000Z",
|
|
"first_observed": "2015-12-09T08:25:28Z",
|
|
"last_observed": "2015-12-09T08:25:28Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5667e578-6fd4-43f7-9b32-443f950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5667e578-6fd4-43f7-9b32-443f950d210b",
|
|
"value": "https://www.virustotal.com/file/1f76c2957c2c39ec83a817479dda38c5047d153dbe466c2aabff7b4354e0647f/analysis/1425547957/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e578-cb50-4d2f-a8f3-420e950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:25:28.000Z",
|
|
"modified": "2015-12-09T08:25:28.000Z",
|
|
"description": "Imported via the freetext import. - Xchecked via VT: d7f34168b1a7dd7cbd8e62a5ab1ebc0e",
|
|
"pattern": "[file:hashes.SHA256 = '7a763ecc8ab23c3ade2455c2e91b506be910bed686fc3d32acb9574d7d5abf27']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:25:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e579-61e8-4a3a-a281-47ab950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:25:29.000Z",
|
|
"modified": "2015-12-09T08:25:29.000Z",
|
|
"description": "Imported via the freetext import. - Xchecked via VT: d7f34168b1a7dd7cbd8e62a5ab1ebc0e",
|
|
"pattern": "[file:hashes.SHA1 = 'a5864e9eb81755992d16138ddbd1e40c3fef3464']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:25:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5667e579-8a8c-4006-9f0d-444e950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:25:29.000Z",
|
|
"modified": "2015-12-09T08:25:29.000Z",
|
|
"first_observed": "2015-12-09T08:25:29Z",
|
|
"last_observed": "2015-12-09T08:25:29Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5667e579-8a8c-4006-9f0d-444e950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5667e579-8a8c-4006-9f0d-444e950d210b",
|
|
"value": "https://www.virustotal.com/file/7a763ecc8ab23c3ade2455c2e91b506be910bed686fc3d32acb9574d7d5abf27/analysis/1406503376/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e57a-8ff4-4c0c-b502-457a950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:25:30.000Z",
|
|
"modified": "2015-12-09T08:25:30.000Z",
|
|
"description": "Imported via the freetext import. - Xchecked via VT: bc97437fec7e7e8634c2eabae3cc4832",
|
|
"pattern": "[file:hashes.SHA256 = 'cfb7d7c6a5dbda5737e492bb2bacfecd975a4c0977050184a948dd5c25ab8b7d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:25:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e57a-65b0-41b0-a157-490a950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:25:30.000Z",
|
|
"modified": "2015-12-09T08:25:30.000Z",
|
|
"description": "Imported via the freetext import. - Xchecked via VT: bc97437fec7e7e8634c2eabae3cc4832",
|
|
"pattern": "[file:hashes.SHA1 = 'cac350f2d108dfb81e33833d55f19d79a79d8a54']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:25:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5667e57b-d2bc-4d76-ad4c-4686950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:25:31.000Z",
|
|
"modified": "2015-12-09T08:25:31.000Z",
|
|
"first_observed": "2015-12-09T08:25:31Z",
|
|
"last_observed": "2015-12-09T08:25:31Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5667e57b-d2bc-4d76-ad4c-4686950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5667e57b-d2bc-4d76-ad4c-4686950d210b",
|
|
"value": "https://www.virustotal.com/file/cfb7d7c6a5dbda5737e492bb2bacfecd975a4c0977050184a948dd5c25ab8b7d/analysis/1405023273/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e57b-31e0-4526-b653-4562950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:25:31.000Z",
|
|
"modified": "2015-12-09T08:25:31.000Z",
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 2827450763b55c5e71fda3caaf8e75f9",
|
|
"pattern": "[file:hashes.SHA256 = '3c22bcf90b1f94691f9982de6d603f27517799684cbc77e0e1b08e327a0e4c00']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:25:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e57b-f5c0-47fd-96f1-4f7d950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:25:31.000Z",
|
|
"modified": "2015-12-09T08:25:31.000Z",
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 2827450763b55c5e71fda3caaf8e75f9",
|
|
"pattern": "[file:hashes.SHA1 = '6e37f617bd982254d84860987c72bee0fc547fe2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:25:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5667e57c-d3d8-491e-8b45-4dfe950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:25:32.000Z",
|
|
"modified": "2015-12-09T08:25:32.000Z",
|
|
"first_observed": "2015-12-09T08:25:32Z",
|
|
"last_observed": "2015-12-09T08:25:32Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5667e57c-d3d8-491e-8b45-4dfe950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5667e57c-d3d8-491e-8b45-4dfe950d210b",
|
|
"value": "https://www.virustotal.com/file/3c22bcf90b1f94691f9982de6d603f27517799684cbc77e0e1b08e327a0e4c00/analysis/1370016723/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e57c-afb4-40f5-8d26-4310950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:25:32.000Z",
|
|
"modified": "2015-12-09T08:25:32.000Z",
|
|
"description": "Imported via the freetext import. - Xchecked via VT: c2237e9d415f542ce6e73adb260af123",
|
|
"pattern": "[file:hashes.SHA256 = '6eeb5bcfc5d28ccad251035b11b08d553f7d10e22574209524b71a0dff1dcd3f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:25:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e57d-6338-46cd-a192-426d950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:25:33.000Z",
|
|
"modified": "2015-12-09T08:25:33.000Z",
|
|
"description": "Imported via the freetext import. - Xchecked via VT: c2237e9d415f542ce6e73adb260af123",
|
|
"pattern": "[file:hashes.SHA1 = '5784d614d6844343014c8205114c69bb472f1c20']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:25:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5667e57d-54b0-4922-8622-492f950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:25:33.000Z",
|
|
"modified": "2015-12-09T08:25:33.000Z",
|
|
"first_observed": "2015-12-09T08:25:33Z",
|
|
"last_observed": "2015-12-09T08:25:33Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5667e57d-54b0-4922-8622-492f950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5667e57d-54b0-4922-8622-492f950d210b",
|
|
"value": "https://www.virustotal.com/file/6eeb5bcfc5d28ccad251035b11b08d553f7d10e22574209524b71a0dff1dcd3f/analysis/1368784928/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e57d-b090-4188-beea-4594950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:25:33.000Z",
|
|
"modified": "2015-12-09T08:25:33.000Z",
|
|
"description": "Imported via the freetext import. - Xchecked via VT: ed8d7ed45b64890b8901b735018318f3",
|
|
"pattern": "[file:hashes.SHA256 = 'db6883b0dd7c5d3a23fb9609b087e8494cb08ca9d478878e07d868bf68e52267']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:25:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e57e-49f0-4e1f-a813-4ced950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:25:34.000Z",
|
|
"modified": "2015-12-09T08:25:34.000Z",
|
|
"description": "Imported via the freetext import. - Xchecked via VT: ed8d7ed45b64890b8901b735018318f3",
|
|
"pattern": "[file:hashes.SHA1 = 'c80aebbe1bfd64308f329ceb79ee1b35559581a9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:25:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5667e57e-b1bc-4e87-ab9e-4352950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:25:34.000Z",
|
|
"modified": "2015-12-09T08:25:34.000Z",
|
|
"first_observed": "2015-12-09T08:25:34Z",
|
|
"last_observed": "2015-12-09T08:25:34Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5667e57e-b1bc-4e87-ab9e-4352950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5667e57e-b1bc-4e87-ab9e-4352950d210b",
|
|
"value": "https://www.virustotal.com/file/db6883b0dd7c5d3a23fb9609b087e8494cb08ca9d478878e07d868bf68e52267/analysis/1353091550/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e57f-c0a8-4481-838f-44ea950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:25:35.000Z",
|
|
"modified": "2015-12-09T08:25:35.000Z",
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 5a8975873f52436377d8fb0b5ab0d87a",
|
|
"pattern": "[file:hashes.SHA256 = '7525af4888f939e7a1df51bb8737a887af0b705d72e89a0b573f35ea57ace888']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:25:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e57f-b860-4cd8-b8c2-4385950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:25:35.000Z",
|
|
"modified": "2015-12-09T08:25:35.000Z",
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 5a8975873f52436377d8fb0b5ab0d87a",
|
|
"pattern": "[file:hashes.SHA1 = 'ddbfabcc9dccf34dd9e50493e9087b3a9cbcea66']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:25:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5667e57f-ee74-4aa4-a678-422e950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:25:35.000Z",
|
|
"modified": "2015-12-09T08:25:35.000Z",
|
|
"first_observed": "2015-12-09T08:25:35Z",
|
|
"last_observed": "2015-12-09T08:25:35Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5667e57f-ee74-4aa4-a678-422e950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5667e57f-ee74-4aa4-a678-422e950d210b",
|
|
"value": "https://www.virustotal.com/file/7525af4888f939e7a1df51bb8737a887af0b705d72e89a0b573f35ea57ace888/analysis/1351886880/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e580-eb28-4342-9146-4dc2950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:25:36.000Z",
|
|
"modified": "2015-12-09T08:25:36.000Z",
|
|
"description": "Imported via the freetext import. - Xchecked via VT: a73351623577f44a2b578fed1e78e37e",
|
|
"pattern": "[file:hashes.SHA256 = 'e125218316467d4749e957b87201f8fd4c4ba14857588d2aca57d94294137a00']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:25:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e580-dbf4-497e-b8aa-4ef0950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:25:36.000Z",
|
|
"modified": "2015-12-09T08:25:36.000Z",
|
|
"description": "Imported via the freetext import. - Xchecked via VT: a73351623577f44a2b578fed1e78e37e",
|
|
"pattern": "[file:hashes.SHA1 = '6606c890794b0243c0d34fa8f09ead02569f0ea4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:25:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5667e581-0b4c-4284-af44-4a26950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:25:37.000Z",
|
|
"modified": "2015-12-09T08:25:37.000Z",
|
|
"first_observed": "2015-12-09T08:25:37Z",
|
|
"last_observed": "2015-12-09T08:25:37Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5667e581-0b4c-4284-af44-4a26950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5667e581-0b4c-4284-af44-4a26950d210b",
|
|
"value": "https://www.virustotal.com/file/e125218316467d4749e957b87201f8fd4c4ba14857588d2aca57d94294137a00/analysis/1367977231/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e581-39f8-44d5-89cf-4714950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:25:37.000Z",
|
|
"modified": "2015-12-09T08:25:37.000Z",
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 93b630891db21a4a2350280a360c713d",
|
|
"pattern": "[file:hashes.SHA256 = 'c10f703839ec0a82a248883b1b8885747b5fb145d0aeb0bad71e06980425a4fa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:25:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e582-f7a0-4922-95c1-48d5950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:25:38.000Z",
|
|
"modified": "2015-12-09T08:25:38.000Z",
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 93b630891db21a4a2350280a360c713d",
|
|
"pattern": "[file:hashes.SHA1 = '3b75f27d1bd1c41989b0f5ff3a4e44998eb45609']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:25:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5667e582-f768-4519-b17c-4ea0950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:25:38.000Z",
|
|
"modified": "2015-12-09T08:25:38.000Z",
|
|
"first_observed": "2015-12-09T08:25:38Z",
|
|
"last_observed": "2015-12-09T08:25:38Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5667e582-f768-4519-b17c-4ea0950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5667e582-f768-4519-b17c-4ea0950d210b",
|
|
"value": "https://www.virustotal.com/file/c10f703839ec0a82a248883b1b8885747b5fb145d0aeb0bad71e06980425a4fa/analysis/1355946685/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e582-a8fc-47b9-b870-4726950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:25:38.000Z",
|
|
"modified": "2015-12-09T08:25:38.000Z",
|
|
"description": "Imported via the freetext import. - Xchecked via VT: d2adecc6287dd4d559fe6ce2ce7a7e31",
|
|
"pattern": "[file:hashes.SHA256 = 'e17bdf72b3c6c53a3ee77e3edc0b9cf7a2eb194210e071f4eb80aa1d6ee3cb2d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:25:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e583-23b4-4e42-84e7-4774950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:25:39.000Z",
|
|
"modified": "2015-12-09T08:25:39.000Z",
|
|
"description": "Imported via the freetext import. - Xchecked via VT: d2adecc6287dd4d559fe6ce2ce7a7e31",
|
|
"pattern": "[file:hashes.SHA1 = '9e0f81958a03b9a50be4c3b10971b80c6eefd78f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:25:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5667e583-0974-4a75-8e37-4f00950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:25:39.000Z",
|
|
"modified": "2015-12-09T08:25:39.000Z",
|
|
"first_observed": "2015-12-09T08:25:39Z",
|
|
"last_observed": "2015-12-09T08:25:39Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5667e583-0974-4a75-8e37-4f00950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5667e583-0974-4a75-8e37-4f00950d210b",
|
|
"value": "https://www.virustotal.com/file/e17bdf72b3c6c53a3ee77e3edc0b9cf7a2eb194210e071f4eb80aa1d6ee3cb2d/analysis/1347227934/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e584-520c-4a98-99c8-4f2b950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:25:40.000Z",
|
|
"modified": "2015-12-09T08:25:40.000Z",
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 2d722592a4e3c8030410dccccb221ce4",
|
|
"pattern": "[file:hashes.SHA256 = 'ab40d67f4ed686f8f7cf686fc9c8a6f9f8f2b6fd80e0bf8e129875e2e428f24e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:25:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e584-8210-411c-aae7-4f3f950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:25:40.000Z",
|
|
"modified": "2015-12-09T08:25:40.000Z",
|
|
"description": "Imported via the freetext import. - Xchecked via VT: 2d722592a4e3c8030410dccccb221ce4",
|
|
"pattern": "[file:hashes.SHA1 = 'e4da283e0a6744a5339cf7f7d6f6e11026a6d9e4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:25:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5667e584-c494-4cbb-8bb8-428f950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:25:40.000Z",
|
|
"modified": "2015-12-09T08:25:40.000Z",
|
|
"first_observed": "2015-12-09T08:25:40Z",
|
|
"last_observed": "2015-12-09T08:25:40Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5667e584-c494-4cbb-8bb8-428f950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5667e584-c494-4cbb-8bb8-428f950d210b",
|
|
"value": "https://www.virustotal.com/file/ab40d67f4ed686f8f7cf686fc9c8a6f9f8f2b6fd80e0bf8e129875e2e428f24e/analysis/1345738881/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e585-5c5c-4337-9504-4fe4950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:25:41.000Z",
|
|
"modified": "2015-12-09T08:25:41.000Z",
|
|
"description": "Imported via the freetext import. - Xchecked via VT: dd1101adc86fd282f5f183942cc2f3b7",
|
|
"pattern": "[file:hashes.SHA256 = '56ea4781ccefb7596e77fcb7a57fb703007f2fb9b94fe33a3cc5257ab7996d1c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:25:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e585-d7e0-43ac-a5f6-4bfa950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:25:41.000Z",
|
|
"modified": "2015-12-09T08:25:41.000Z",
|
|
"description": "Imported via the freetext import. - Xchecked via VT: dd1101adc86fd282f5f183942cc2f3b7",
|
|
"pattern": "[file:hashes.SHA1 = '44e6fb6aa66fc40a4389eb287d90cfef9593738b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:25:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Payload delivery"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Payload delivery\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e680-8cec-4889-98f7-edb5950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:29:52.000Z",
|
|
"modified": "2015-12-09T08:29:52.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[url:value = 'bit.ly/1wl3ye2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:29:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e681-d538-418a-9a13-edb5950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:29:53.000Z",
|
|
"modified": "2015-12-09T08:29:53.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[domain-name:value = 'blackboxmusic.co']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:29:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e681-be28-4961-9760-edb5950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:29:53.000Z",
|
|
"modified": "2015-12-09T08:29:53.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[domain-name:value = 'confirmation-blackberry.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:29:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e681-7044-4b83-9732-edb5950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:29:53.000Z",
|
|
"modified": "2015-12-09T08:29:53.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[domain-name:value = 'confirmation-facebook.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:29:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e682-9550-4fa5-b0d8-edb5950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:29:54.000Z",
|
|
"modified": "2015-12-09T08:29:54.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[domain-name:value = 'confirmation-icloud.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:29:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e682-9908-41b8-9545-edb5950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:29:54.000Z",
|
|
"modified": "2015-12-09T08:29:54.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[domain-name:value = 'confirmation-outlook.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:29:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e683-2b70-4b75-ad2c-edb5950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:29:55.000Z",
|
|
"modified": "2015-12-09T08:29:55.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[domain-name:value = 'confirmation-twitter.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:29:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e683-2dac-46cc-b3a3-edb5950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:29:55.000Z",
|
|
"modified": "2015-12-09T08:29:55.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[domain-name:value = 'confirmation-yahoo.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:29:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e683-eaa4-4922-8f96-edb5950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:29:55.000Z",
|
|
"modified": "2015-12-09T08:29:55.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[domain-name:value = 'deyrep.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:29:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e684-6370-4800-9824-edb5950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:29:56.000Z",
|
|
"modified": "2015-12-09T08:29:56.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[domain-name:value = 'ecuadorenvivo.co']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:29:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e684-8b98-4caa-b3ad-edb5950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:29:56.000Z",
|
|
"modified": "2015-12-09T08:29:56.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[domain-name:value = 'focusecuador.tk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:29:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e685-573c-4291-afd5-edb5950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:29:57.000Z",
|
|
"modified": "2015-12-09T08:29:57.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[url:value = 'inyurl.com/q4kaf68']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:29:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e685-05e0-4e09-b025-edb5950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:29:57.000Z",
|
|
"modified": "2015-12-09T08:29:57.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[domain-name:value = 'justicia-desvinculados.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:29:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e686-6b74-4921-8c3c-edb5950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:29:58.000Z",
|
|
"modified": "2015-12-09T08:29:58.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[domain-name:value = 'main-local-latam-soporte-widget.cu9.co']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:29:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e687-2364-49c6-b12a-edb5950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:29:59.000Z",
|
|
"modified": "2015-12-09T08:29:59.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[domain-name:value = 'main-local-latam-widget-soporte.cu9.co']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:29:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e688-f720-4205-be66-edb5950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:30:00.000Z",
|
|
"modified": "2015-12-09T08:30:00.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[domain-name:value = 'movimientoanticorreista.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:30:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e688-35f0-4bea-a2a4-edb5950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:30:00.000Z",
|
|
"modified": "2015-12-09T08:30:00.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[domain-name:value = 'no-creo.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:30:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e689-1c74-457f-9003-edb5950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:30:01.000Z",
|
|
"modified": "2015-12-09T08:30:01.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[domain-name:value = 'soporte-login-account-gmail.tk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:30:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e689-d464-4524-ae77-edb5950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:30:01.000Z",
|
|
"modified": "2015-12-09T08:30:01.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[domain-name:value = 'soporte-login-account-yahoo.tk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:30:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e68a-c428-47b6-8e89-edb5950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:30:02.000Z",
|
|
"modified": "2015-12-09T08:30:02.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[domain-name:value = 'soporte-main-local-latam-es.cu9.co']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:30:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e68a-bc2c-4922-9ead-edb5950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:30:02.000Z",
|
|
"modified": "2015-12-09T08:30:02.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[domain-name:value = 'soporte-main-local-latam-us.cu9.co']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:30:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e68b-818c-47cd-be91-edb5950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:30:03.000Z",
|
|
"modified": "2015-12-09T08:30:03.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[domain-name:value = 'support-login-validate-outlook.tk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:30:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e68c-ca04-403c-b56a-edb5950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:30:04.000Z",
|
|
"modified": "2015-12-09T08:30:04.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[url:value = 'tinyurl.com/ol6qzec']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:30:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e68d-62e0-4ec9-a6e1-edb5950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:30:05.000Z",
|
|
"modified": "2015-12-09T08:30:05.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[url:value = 'tinyurl.com/pl843ws']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:30:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e68d-ba10-41c7-a602-edb5950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:30:05.000Z",
|
|
"modified": "2015-12-09T08:30:05.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[url:value = 'tinyurl.com/px28gsa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:30:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e68d-2e38-4246-9aaf-edb5950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:30:05.000Z",
|
|
"modified": "2015-12-09T08:30:05.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[url:value = 'tinyurl.com/q3zdyk8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:30:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e68e-29fc-4121-814c-edb5950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:30:06.000Z",
|
|
"modified": "2015-12-09T08:30:06.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[url:value = 'tinyurl.com/q4kaf68']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:30:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e68e-02b8-4922-a4ab-edb5950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:30:06.000Z",
|
|
"modified": "2015-12-09T08:30:06.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[url:value = 'tinyurl.com/qxzz6ky']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:30:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5667e68f-4968-46d1-a6fb-edb5950d210b",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2015-12-09T08:30:07.000Z",
|
|
"modified": "2015-12-09T08:30:07.000Z",
|
|
"description": "Imported via the freetext import.",
|
|
"pattern": "[domain-name:value = 'update-outlook.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2015-12-09T08:30:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |