adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/59f4a30d-fdf8-4617-b6ab-45df02de0b81.json

1991 lines
No EOL
84 KiB
JSON
Raw Blame History

{
"type": "bundle",
"id": "bundle--59f4a30d-fdf8-4617-b6ab-45df02de0b81",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-22T21:20:18.000Z",
"modified": "2017-11-22T21:20:18.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--59f4a30d-fdf8-4617-b6ab-45df02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-22T21:20:18.000Z",
"modified": "2017-11-22T21:20:18.000Z",
"name": "OSINT - Bahamut Revisited, More Cyber Espionage in the Middle East and South Asia",
"published": "2017-12-28T13:21:35Z",
"object_refs": [
"observed-data--59f4a332-25a4-4cf0-9c00-0a8f02de0b81",
"url--59f4a332-25a4-4cf0-9c00-0a8f02de0b81",
"x-misp-attribute--59f4a349-5d24-42f1-81fb-427b02de0b81",
"indicator--59f4a3af-8a84-4a5a-9ef7-46b202de0b81",
"indicator--59f4a3af-6a74-4147-bab8-462f02de0b81",
"indicator--59f4a3af-9324-4a5f-ab14-425a02de0b81",
"indicator--59f4a3af-6610-44da-a595-4c9e02de0b81",
"indicator--59f4a3af-5c00-4ac5-852f-427302de0b81",
"indicator--59f4a3af-4b70-455b-b716-438d02de0b81",
"indicator--59f4a3af-b0f4-4461-9816-457e02de0b81",
"indicator--59f4a3af-dfb8-4f4a-8a99-424102de0b81",
"indicator--59f4a3af-7a80-4fb5-8033-414302de0b81",
"indicator--59f4a3af-ec60-4491-88d5-464c02de0b81",
"indicator--59f4a3af-5d20-4e14-86e4-415c02de0b81",
"indicator--59f4a3af-69a8-4e3e-9cce-419502de0b81",
"indicator--59f4a3af-5330-4e93-8aaf-404702de0b81",
"indicator--59f4a3af-6370-4398-9b1d-409902de0b81",
"indicator--59f4a3d1-6344-4d78-a2aa-404f02de0b81",
"indicator--59f4a3d1-62bc-4e26-929f-471c02de0b81",
"indicator--59f4a3d1-d934-4478-b90c-42ce02de0b81",
"indicator--59f4a3d1-ae04-4d35-9531-4d6002de0b81",
"indicator--59f4a3d1-27bc-46cc-a325-492402de0b81",
"indicator--59f4a3d1-12b4-479f-9ee3-480402de0b81",
"indicator--59f4a3d1-a0d0-4e20-afe8-487e02de0b81",
"indicator--59f4a3d1-beac-4341-853a-4ac302de0b81",
"indicator--59f4a3d1-3660-4f97-ba51-457702de0b81",
"indicator--59f4a3d1-78f4-4000-a477-429302de0b81",
"indicator--59f4a404-b5bc-41c4-9347-4ee802de0b81",
"indicator--59f4a404-de84-4ff5-8084-481d02de0b81",
"indicator--59f4a404-0010-4f6d-8836-4fb802de0b81",
"indicator--59f4a404-b910-465c-9eef-4fce02de0b81",
"indicator--59f4a404-f3c0-43bf-855c-4cce02de0b81",
"indicator--59f4a404-2bf8-49c5-8a9a-4a9502de0b81",
"indicator--59f4a404-e5d8-48f4-ab58-474e02de0b81",
"indicator--59f4a425-9ea8-4578-9922-4ea302de0b81",
"indicator--59f4a439-698c-4c47-a051-4f2902de0b81",
"indicator--59f4a439-675c-43f6-bd3e-499302de0b81",
"indicator--59f4a439-d53c-404e-b3be-4d8b02de0b81",
"indicator--59f4a439-35e4-48e3-b6be-48a902de0b81",
"indicator--59f4a456-8b14-42ff-9666-0ccc02de0b81",
"indicator--59f4a456-3b74-4fea-8ab8-0ccc02de0b81",
"indicator--59f4a456-687c-4de7-9b05-0ccc02de0b81",
"indicator--59f4a456-2bb8-4fce-b099-0ccc02de0b81",
"indicator--59f4a456-9fe8-4825-a85f-0ccc02de0b81",
"indicator--59f4a456-1888-4734-90e7-0ccc02de0b81",
"indicator--59f4a456-24d0-4ce1-b1d5-0ccc02de0b81",
"indicator--59f4a456-ea64-43f5-b0b8-0ccc02de0b81",
"indicator--59f4a48d-9788-4384-b858-411902de0b81",
"indicator--59f4a48d-5b9c-4f72-8dd4-48a102de0b81",
"indicator--59f4a48d-b230-44f5-9a22-41aa02de0b81",
"indicator--59f4a48d-6c04-414f-bd1d-40c202de0b81",
"indicator--59f4a48d-58a8-4306-9cd8-442f02de0b81",
"indicator--59f4a48d-c3b8-4846-b081-43ed02de0b81",
"indicator--59f4a48d-1564-4a13-9711-4dcb02de0b81",
"indicator--59f4a48d-cef8-4254-94ef-467802de0b81",
"indicator--59f4a48d-8170-473f-8941-4e7802de0b81",
"indicator--59f4a4c7-3db0-410a-ab8d-0a8f02de0b81",
"indicator--59f4a4c7-397c-46fd-a32a-0a8f02de0b81",
"observed-data--59f4a4c7-93c8-4d72-88ce-0a8f02de0b81",
"url--59f4a4c7-93c8-4d72-88ce-0a8f02de0b81",
"indicator--59f4a4c7-d944-473a-95bb-0a8f02de0b81",
"indicator--59f4a4c7-6eb8-4df3-90cf-0a8f02de0b81",
"observed-data--59f4a4c7-4148-4cba-91d2-0a8f02de0b81",
"url--59f4a4c7-4148-4cba-91d2-0a8f02de0b81",
"indicator--59f4a4c7-c9a0-42ab-94ea-0a8f02de0b81",
"indicator--59f4a4c7-d7f4-4ecf-8b42-0a8f02de0b81",
"observed-data--59f4a4c7-6b7c-4e67-8ccc-0a8f02de0b81",
"url--59f4a4c7-6b7c-4e67-8ccc-0a8f02de0b81",
"indicator--59f4a4c7-918c-4245-8ebf-0a8f02de0b81",
"indicator--59f4a4c7-70c8-483e-95b1-0a8f02de0b81",
"observed-data--59f4a4c7-d43c-4a02-9a99-0a8f02de0b81",
"url--59f4a4c7-d43c-4a02-9a99-0a8f02de0b81",
"indicator--59f4a4c7-6d74-4281-937a-0a8f02de0b81",
"indicator--59f4a4c7-1df0-44d5-ad99-0a8f02de0b81",
"observed-data--59f4a4c7-3b28-4a10-8aaf-0a8f02de0b81",
"url--59f4a4c7-3b28-4a10-8aaf-0a8f02de0b81",
"indicator--59f4a4c7-8e84-45ed-b728-0a8f02de0b81",
"indicator--59f4a4c7-a794-4b6b-9542-0a8f02de0b81",
"observed-data--59f4a4c7-4d18-4218-bd0e-0a8f02de0b81",
"url--59f4a4c7-4d18-4218-bd0e-0a8f02de0b81",
"indicator--59f4a4c7-9e84-4f2b-9008-0a8f02de0b81",
"indicator--59f4a4c7-bbfc-460f-8045-0a8f02de0b81",
"observed-data--59f4a4c7-b32c-4349-a488-0a8f02de0b81",
"url--59f4a4c7-b32c-4349-a488-0a8f02de0b81",
"x-misp-object--59f4a7fd-20e0-493a-b9a3-481e02de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"osint:source-type=\"blog-post\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f4a332-25a4-4cf0-9c00-0a8f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:50.000Z",
"modified": "2017-10-28T15:39:50.000Z",
"first_observed": "2017-10-28T15:39:50Z",
"last_observed": "2017-10-28T15:39:50Z",
"number_observed": 1,
"object_refs": [
"url--59f4a332-25a4-4cf0-9c00-0a8f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f4a332-25a4-4cf0-9c00-0a8f02de0b81",
"value": "https://www.bellingcat.com/resources/case-studies/2017/10/27/bahamut-revisited-cyber-espionage-middle-east-south-asia/"
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--59f4a349-5d24-42f1-81fb-427b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:50.000Z",
"modified": "2017-10-28T15:39:50.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "In June we published on a previously unknown group we named \u00e2\u20ac\u0153Bahamut,\u00e2\u20ac\u009d a strange campaign of phishing and malware apparently focused on the Middle East and South Asia. In the Bahamut report, we documented a capable actor interested in a diverse set of political, economic, and non-governmental targets, which suggested espionage rather than criminal intent. Bahamut was shown to be resourceful, not only maintaining their own Android malware but running propaganda sites, although the quality of these activities varied noticeably.\r\n\r\nOur publication on the campaign coincided with a series of defacements and leaked emails related to Qatar and its neighbors, the same types of targets that arose in our research. While we have found no evidence to link the group to these incidents, Bahamut provided a useful window into the activities rampant in the Gulf at a time when hacking has contributed to a regional diplomatic crisis. The incident further demonstrated the blurred lines in cybersecurity between attacks against human rights communities and espionage against diplomats, as well as the potential role of non-state actors in state-aligned cyber operations.\r\n\r\nAfter publication, the identified operations and malware domains were taken down. For three months there was no apparent further activity from the actor. However, in the same week of September a series of spearphishing attempts once again targeted a set of otherwise unrelated individuals, employing the same tactics as before. Bahamut remains active, and its operations are more extensive than first disclosed. Our primary contribution in this update is to implicate Bahamut in what are likely counterterrorism-motivated surveillance operations, and to further affirm our belief that the group is a hacker-for-hire operation. Toward this we document a previously unnoticed link with a campaign targeting South Asia that was published last year. This post extends the previous publication with recent activity and lends more evidence to our past hypotheses about the political nature of its operations."
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a3af-8a84-4a5a-9ef7-46b202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:50.000Z",
"modified": "2017-10-28T15:39:50.000Z",
"description": "Credential Harvesting and Recon",
"pattern": "[email-message:from_ref.value = 'noreply.user.subscripton@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a3af-6a74-4147-bab8-462f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:50.000Z",
"modified": "2017-10-28T15:39:50.000Z",
"description": "Credential Harvesting and Recon",
"pattern": "[email-message:from_ref.value = 'mirror.news.live@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a3af-9324-4a5f-ab14-425a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:50.000Z",
"modified": "2017-10-28T15:39:50.000Z",
"description": "Credential Harvesting and Recon",
"pattern": "[email-message:from_ref.value = 'mail.noreplyportals@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a3af-6610-44da-a595-4c9e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:50.000Z",
"modified": "2017-10-28T15:39:50.000Z",
"description": "Credential Harvesting and Recon",
"pattern": "[email-message:from_ref.value = 'rnicrosoft-recovery-update@hotmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a3af-5c00-4ac5-852f-427302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:50.000Z",
"modified": "2017-10-28T15:39:50.000Z",
"description": "Credential Harvesting and Recon",
"pattern": "[email-message:from_ref.value = 'noreply.subscribeuser.alert@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a3af-4b70-455b-b716-438d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:50.000Z",
"modified": "2017-10-28T15:39:50.000Z",
"description": "Credential Harvesting and Recon",
"pattern": "[email-message:from_ref.value = 'noreply.users.validation@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a3af-b0f4-4461-9816-457e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:50.000Z",
"modified": "2017-10-28T15:39:50.000Z",
"description": "Credential Harvesting and Recon",
"pattern": "[email-message:from_ref.value = 'noreply.applc.id.service@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a3af-dfb8-4f4a-8a99-424102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:50.000Z",
"modified": "2017-10-28T15:39:50.000Z",
"description": "Credential Harvesting and Recon",
"pattern": "[email-message:from_ref.value = 'playbooy.magazine.update@outlook.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a3af-7a80-4fb5-8033-414302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:50.000Z",
"modified": "2017-10-28T15:39:50.000Z",
"description": "Credential Harvesting and Recon",
"pattern": "[email-message:from_ref.value = 'noreply.goolgemail@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a3af-ec60-4491-88d5-464c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:50.000Z",
"modified": "2017-10-28T15:39:50.000Z",
"description": "Credential Harvesting and Recon",
"pattern": "[email-message:from_ref.value = 'dubaicalender.eventupdate@outlook.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a3af-5d20-4e14-86e4-415c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:50.000Z",
"modified": "2017-10-28T15:39:50.000Z",
"description": "Credential Harvesting and Recon",
"pattern": "[email-message:from_ref.value = 'sputniknews@email.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a3af-69a8-4e3e-9cce-419502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:50.000Z",
"modified": "2017-10-28T15:39:50.000Z",
"description": "Credential Harvesting and Recon",
"pattern": "[email-message:from_ref.value = 'news_update@email.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a3af-5330-4e93-8aaf-404702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:50.000Z",
"modified": "2017-10-28T15:39:50.000Z",
"description": "Credential Harvesting and Recon",
"pattern": "[email-message:from_ref.value = 'bbcnewsdailysubscribe@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a3af-6370-4398-9b1d-409902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:50.000Z",
"modified": "2017-10-28T15:39:50.000Z",
"description": "Credential Harvesting and Recon",
"pattern": "[email-message:from_ref.value = 'noreply.goolgehangouts@gmail.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a3d1-6344-4d78-a2aa-404f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:50.000Z",
"modified": "2017-10-28T15:39:50.000Z",
"description": "Credential Harvesting and Recon",
"pattern": "[domain-name:value = 'squre39-cld.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a3d1-62bc-4e26-929f-471c02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:50.000Z",
"modified": "2017-10-28T15:39:50.000Z",
"description": "Credential Harvesting and Recon",
"pattern": "[domain-name:value = 'goolg-en.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a3d1-d934-4478-b90c-42ce02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:50.000Z",
"modified": "2017-10-28T15:39:50.000Z",
"description": "Credential Harvesting and Recon",
"pattern": "[domain-name:value = 'login-asmx.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a3d1-ae04-4d35-9531-4d6002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:50.000Z",
"modified": "2017-10-28T15:39:50.000Z",
"description": "Credential Harvesting and Recon",
"pattern": "[domain-name:value = 'string2port.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a3d1-27bc-46cc-a325-492402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:50.000Z",
"modified": "2017-10-28T15:39:50.000Z",
"description": "Credential Harvesting and Recon",
"pattern": "[domain-name:value = 'session-en.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a3d1-12b4-479f-9ee3-480402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:50.000Z",
"modified": "2017-10-28T15:39:50.000Z",
"description": "Credential Harvesting and Recon",
"pattern": "[domain-name:value = 'singin-go-olge.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a3d1-a0d0-4e20-afe8-487e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:50.000Z",
"modified": "2017-10-28T15:39:50.000Z",
"description": "Credential Harvesting and Recon",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '111.90.138.81']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a3d1-beac-4341-853a-4ac302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:50.000Z",
"modified": "2017-10-28T15:39:50.000Z",
"description": "Credential Harvesting and Recon",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.68.242.18']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a3d1-3660-4f97-ba51-457702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:50.000Z",
"modified": "2017-10-28T15:39:50.000Z",
"description": "Credential Harvesting and Recon",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.92.136.134']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a3d1-78f4-4000-a477-429302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:50.000Z",
"modified": "2017-10-28T15:39:50.000Z",
"description": "Credential Harvesting and Recon",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '200.63.45.47']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a404-b5bc-41c4-9347-4ee802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:50.000Z",
"modified": "2017-10-28T15:39:50.000Z",
"description": "Android Agent",
"pattern": "[domain-name:value = 'devotedtohumanity-fif.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a404-de84-4ff5-8084-481d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:50.000Z",
"modified": "2017-10-28T15:39:50.000Z",
"description": "Android Agent",
"pattern": "[domain-name:value = 'kashmir-weather-info.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a404-0010-4f6d-8836-4fb802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:50.000Z",
"modified": "2017-10-28T15:39:50.000Z",
"description": "Android Agent",
"pattern": "[domain-name:value = 'mxiplayer.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a404-b910-465c-9eef-4fce02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:50.000Z",
"modified": "2017-10-28T15:39:50.000Z",
"description": "Android Agent",
"pattern": "[file:hashes.SHA1 = '6e5e7ecb929fdc29ba93058bf2f501842ac0f2c0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a404-f3c0-43bf-855c-4cce02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:50.000Z",
"modified": "2017-10-28T15:39:50.000Z",
"description": "Android Agent",
"pattern": "[file:hashes.SHA1 = '0550dad8d55446e5b5dbae61783cfb7c78ee10d2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a404-2bf8-49c5-8a9a-4a9502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:50.000Z",
"modified": "2017-10-28T15:39:50.000Z",
"description": "Android Agent",
"pattern": "[file:hashes.SHA1 = '00d000679baab456953b4302d8b2a1e65241ed12']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a404-e5d8-48f4-ab58-474e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:51.000Z",
"modified": "2017-10-28T15:39:51.000Z",
"description": "Android Agent",
"pattern": "[file:hashes.SHA1 = 'ddaf5e43da0b00884ef957c32d7b16ed692a057a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a425-9ea8-4578-9922-4ea302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:51.000Z",
"modified": "2017-10-28T15:39:51.000Z",
"description": "Windows Agent",
"pattern": "[file:hashes.SHA1 = '9850ac30c3357d3a412d0f6cec2716b63db6c21d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a439-698c-4c47-a051-4f2902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:51.000Z",
"modified": "2017-10-28T15:39:51.000Z",
"description": "Other Malware References",
"pattern": "[file:hashes.SHA256 = '9e4596bfb4f58d8ecfe2bc3514c6c7b2170040d9acfb02f295ed1e9ab13ec560']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a439-675c-43f6-bd3e-499302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:51.000Z",
"modified": "2017-10-28T15:39:51.000Z",
"description": "Other Malware References",
"pattern": "[file:hashes.SHA256 = '1518badcb2717e6b0fa9bdd883d5ff61fedddf7ddf22cc3dc04a38f4e137fc96']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a439-d53c-404e-b3be-4d8b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:51.000Z",
"modified": "2017-10-28T15:39:51.000Z",
"description": "Other Malware References",
"pattern": "[domain-name:value = 'mint-news-portal.hymnfork.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a439-35e4-48e3-b6be-48a902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:51.000Z",
"modified": "2017-10-28T15:39:51.000Z",
"description": "Other Malware References",
"pattern": "[domain-name:value = 'online-tracking-status.hymnfork.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a456-8b14-42ff-9666-0ccc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:51.000Z",
"modified": "2017-10-28T15:39:51.000Z",
"description": "Similar Infrastructure",
"pattern": "[domain-name:value = 'insidecloud-aspx.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a456-3b74-4fea-8ab8-0ccc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:51.000Z",
"modified": "2017-10-28T15:39:51.000Z",
"description": "Similar Infrastructure",
"pattern": "[domain-name:value = 'data-covery.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a456-687c-4de7-9b05-0ccc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:51.000Z",
"modified": "2017-10-28T15:39:51.000Z",
"description": "Similar Infrastructure",
"pattern": "[domain-name:value = 'sa-google.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a456-2bb8-4fce-b099-0ccc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:51.000Z",
"modified": "2017-10-28T15:39:51.000Z",
"description": "Similar Infrastructure",
"pattern": "[domain-name:value = 'rnail-aspx.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a456-9fe8-4825-a85f-0ccc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:51.000Z",
"modified": "2017-10-28T15:39:51.000Z",
"description": "Similar Infrastructure",
"pattern": "[domain-name:value = 'session-service.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a456-1888-4734-90e7-0ccc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:51.000Z",
"modified": "2017-10-28T15:39:51.000Z",
"description": "Similar Infrastructure",
"pattern": "[domain-name:value = 'session-owa.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a456-24d0-4ce1-b1d5-0ccc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:51.000Z",
"modified": "2017-10-28T15:39:51.000Z",
"description": "Similar Infrastructure",
"pattern": "[domain-name:value = 'myinfocheck.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a456-ea64-43f5-b0b8-0ccc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:51.000Z",
"modified": "2017-10-28T15:39:51.000Z",
"description": "Similar Infrastructure",
"pattern": "[domain-name:value = 'host-auth.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a48d-9788-4384-b858-411902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:51.000Z",
"modified": "2017-10-28T15:39:51.000Z",
"description": "Similar Infrastructure",
"pattern": "[email-message:from_ref.value = 'janko.kolar@bulletmail.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a48d-5b9c-4f72-8dd4-48a102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:51.000Z",
"modified": "2017-10-28T15:39:51.000Z",
"description": "Similar Infrastructure",
"pattern": "[email-message:from_ref.value = 'jacbov.vjan@bulletmail.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a48d-b230-44f5-9a22-41aa02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:51.000Z",
"modified": "2017-10-28T15:39:51.000Z",
"description": "Similar Infrastructure",
"pattern": "[email-message:from_ref.value = 'robert.warne@list.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a48d-6c04-414f-bd1d-40c202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:51.000Z",
"modified": "2017-10-28T15:39:51.000Z",
"description": "Similar Infrastructure",
"pattern": "[email-message:from_ref.value = 'viera.taafi@pobox.sk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a48d-58a8-4306-9cd8-442f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:51.000Z",
"modified": "2017-10-28T15:39:51.000Z",
"description": "Similar Infrastructure",
"pattern": "[email-message:from_ref.value = 'aaron.drago@pobox.sk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a48d-c3b8-4846-b081-43ed02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:51.000Z",
"modified": "2017-10-28T15:39:51.000Z",
"description": "Similar Infrastructure",
"pattern": "[email-message:from_ref.value = 'marek.franko@pobox.sk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a48d-1564-4a13-9711-4dcb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:51.000Z",
"modified": "2017-10-28T15:39:51.000Z",
"description": "Similar Infrastructure",
"pattern": "[email-message:from_ref.value = 'oliver.dagur@mail.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a48d-cef8-4254-94ef-467802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:51.000Z",
"modified": "2017-10-28T15:39:51.000Z",
"description": "Similar Infrastructure",
"pattern": "[email-message:from_ref.value = 'ralph.cramey@mail.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a48d-8170-473f-8941-4e7802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:51.000Z",
"modified": "2017-10-28T15:39:51.000Z",
"description": "Similar Infrastructure",
"pattern": "[email-message:from_ref.value = 'petru.negru@pobox.sk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"email-src\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a4c7-3db0-410a-ab8d-0a8f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:51.000Z",
"modified": "2017-10-28T15:39:51.000Z",
"description": "Other Malware References - Xchecked via VT: 1518badcb2717e6b0fa9bdd883d5ff61fedddf7ddf22cc3dc04a38f4e137fc96",
"pattern": "[file:hashes.SHA1 = '381307e3120a0ee6b2769b4fe650c910bb55eb90']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a4c7-397c-46fd-a32a-0a8f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:51.000Z",
"modified": "2017-10-28T15:39:51.000Z",
"description": "Other Malware References - Xchecked via VT: 1518badcb2717e6b0fa9bdd883d5ff61fedddf7ddf22cc3dc04a38f4e137fc96",
"pattern": "[file:hashes.MD5 = '94da91def54db4c1895eb7ba99eb75a6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f4a4c7-93c8-4d72-88ce-0a8f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:51.000Z",
"modified": "2017-10-28T15:39:51.000Z",
"first_observed": "2017-10-28T15:39:51Z",
"last_observed": "2017-10-28T15:39:51Z",
"number_observed": 1,
"object_refs": [
"url--59f4a4c7-93c8-4d72-88ce-0a8f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f4a4c7-93c8-4d72-88ce-0a8f02de0b81",
"value": "https://www.virustotal.com/file/1518badcb2717e6b0fa9bdd883d5ff61fedddf7ddf22cc3dc04a38f4e137fc96/analysis/1508453214/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a4c7-d944-473a-95bb-0a8f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:51.000Z",
"modified": "2017-10-28T15:39:51.000Z",
"description": "Other Malware References - Xchecked via VT: 9e4596bfb4f58d8ecfe2bc3514c6c7b2170040d9acfb02f295ed1e9ab13ec560",
"pattern": "[file:hashes.SHA1 = '9ef613c4db7e172f7df271513dd501f0a18de2c8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a4c7-6eb8-4df3-90cf-0a8f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:51.000Z",
"modified": "2017-10-28T15:39:51.000Z",
"description": "Other Malware References - Xchecked via VT: 9e4596bfb4f58d8ecfe2bc3514c6c7b2170040d9acfb02f295ed1e9ab13ec560",
"pattern": "[file:hashes.MD5 = 'cfa27503eb37b1c94966d7ac3a5c28c0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f4a4c7-4148-4cba-91d2-0a8f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:51.000Z",
"modified": "2017-10-28T15:39:51.000Z",
"first_observed": "2017-10-28T15:39:51Z",
"last_observed": "2017-10-28T15:39:51Z",
"number_observed": 1,
"object_refs": [
"url--59f4a4c7-4148-4cba-91d2-0a8f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f4a4c7-4148-4cba-91d2-0a8f02de0b81",
"value": "https://www.virustotal.com/file/9e4596bfb4f58d8ecfe2bc3514c6c7b2170040d9acfb02f295ed1e9ab13ec560/analysis/1508352935/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a4c7-c9a0-42ab-94ea-0a8f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:51.000Z",
"modified": "2017-10-28T15:39:51.000Z",
"description": "Windows Agent - Xchecked via VT: 9850ac30c3357d3a412d0f6cec2716b63db6c21d",
"pattern": "[file:hashes.SHA256 = 'd0e2e7fe3fab992a670137d0693a2b76a5ac88283011b4aa8786d439b37c877b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a4c7-d7f4-4ecf-8b42-0a8f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:51.000Z",
"modified": "2017-10-28T15:39:51.000Z",
"description": "Windows Agent - Xchecked via VT: 9850ac30c3357d3a412d0f6cec2716b63db6c21d",
"pattern": "[file:hashes.MD5 = '94a6aba63c9d2d9587e424acfde41bcb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f4a4c7-6b7c-4e67-8ccc-0a8f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:51.000Z",
"modified": "2017-10-28T15:39:51.000Z",
"first_observed": "2017-10-28T15:39:51Z",
"last_observed": "2017-10-28T15:39:51Z",
"number_observed": 1,
"object_refs": [
"url--59f4a4c7-6b7c-4e67-8ccc-0a8f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f4a4c7-6b7c-4e67-8ccc-0a8f02de0b81",
"value": "https://www.virustotal.com/file/d0e2e7fe3fab992a670137d0693a2b76a5ac88283011b4aa8786d439b37c877b/analysis/1504758200/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a4c7-918c-4245-8ebf-0a8f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:51.000Z",
"modified": "2017-10-28T15:39:51.000Z",
"description": "Android Agent - Xchecked via VT: ddaf5e43da0b00884ef957c32d7b16ed692a057a",
"pattern": "[file:hashes.SHA256 = '05a4e1e6542d6b0ba7b6eced12c05e96a341deaf88adb28695365544940da5ed']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a4c7-70c8-483e-95b1-0a8f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:51.000Z",
"modified": "2017-10-28T15:39:51.000Z",
"description": "Android Agent - Xchecked via VT: ddaf5e43da0b00884ef957c32d7b16ed692a057a",
"pattern": "[file:hashes.MD5 = '019db1adb064ff0245470d0c1972c515']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f4a4c7-d43c-4a02-9a99-0a8f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:51.000Z",
"modified": "2017-10-28T15:39:51.000Z",
"first_observed": "2017-10-28T15:39:51Z",
"last_observed": "2017-10-28T15:39:51Z",
"number_observed": 1,
"object_refs": [
"url--59f4a4c7-d43c-4a02-9a99-0a8f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f4a4c7-d43c-4a02-9a99-0a8f02de0b81",
"value": "https://www.virustotal.com/file/05a4e1e6542d6b0ba7b6eced12c05e96a341deaf88adb28695365544940da5ed/analysis/1500233344/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a4c7-6d74-4281-937a-0a8f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:51.000Z",
"modified": "2017-10-28T15:39:51.000Z",
"description": "Android Agent - Xchecked via VT: 00d000679baab456953b4302d8b2a1e65241ed12",
"pattern": "[file:hashes.SHA256 = '6f60dfbd3c3fdffc731969acc1b7a82a545b8ec5baaecd48e7ae8055beb37259']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a4c7-1df0-44d5-ad99-0a8f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:51.000Z",
"modified": "2017-10-28T15:39:51.000Z",
"description": "Android Agent - Xchecked via VT: 00d000679baab456953b4302d8b2a1e65241ed12",
"pattern": "[file:hashes.MD5 = 'eec26ee59a6fc0f4b7a2a82b13fe6b05']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f4a4c7-3b28-4a10-8aaf-0a8f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:51.000Z",
"modified": "2017-10-28T15:39:51.000Z",
"first_observed": "2017-10-28T15:39:51Z",
"last_observed": "2017-10-28T15:39:51Z",
"number_observed": 1,
"object_refs": [
"url--59f4a4c7-3b28-4a10-8aaf-0a8f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f4a4c7-3b28-4a10-8aaf-0a8f02de0b81",
"value": "https://www.virustotal.com/file/6f60dfbd3c3fdffc731969acc1b7a82a545b8ec5baaecd48e7ae8055beb37259/analysis/1504073634/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a4c7-8e84-45ed-b728-0a8f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:51.000Z",
"modified": "2017-10-28T15:39:51.000Z",
"description": "Android Agent - Xchecked via VT: 0550dad8d55446e5b5dbae61783cfb7c78ee10d2",
"pattern": "[file:hashes.SHA256 = '65398e0f12248ca71642216ff8606744305c2397c368ff072c243e6410fd42bc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a4c7-a794-4b6b-9542-0a8f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:51.000Z",
"modified": "2017-10-28T15:39:51.000Z",
"description": "Android Agent - Xchecked via VT: 0550dad8d55446e5b5dbae61783cfb7c78ee10d2",
"pattern": "[file:hashes.MD5 = '146335f1c4ffaae9cf3d48e767a1c66b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f4a4c7-4d18-4218-bd0e-0a8f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:51.000Z",
"modified": "2017-10-28T15:39:51.000Z",
"first_observed": "2017-10-28T15:39:51Z",
"last_observed": "2017-10-28T15:39:51Z",
"number_observed": 1,
"object_refs": [
"url--59f4a4c7-4d18-4218-bd0e-0a8f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f4a4c7-4d18-4218-bd0e-0a8f02de0b81",
"value": "https://www.virustotal.com/file/65398e0f12248ca71642216ff8606744305c2397c368ff072c243e6410fd42bc/analysis/1504229307/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a4c7-9e84-4f2b-9008-0a8f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:51.000Z",
"modified": "2017-10-28T15:39:51.000Z",
"description": "Android Agent - Xchecked via VT: 6e5e7ecb929fdc29ba93058bf2f501842ac0f2c0",
"pattern": "[file:hashes.SHA256 = '090bc0f5936a12771b7fdf15070ba2169a24108a095e939920498b94ce19596d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59f4a4c7-bbfc-460f-8045-0a8f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:51.000Z",
"modified": "2017-10-28T15:39:51.000Z",
"description": "Android Agent - Xchecked via VT: 6e5e7ecb929fdc29ba93058bf2f501842ac0f2c0",
"pattern": "[file:hashes.MD5 = '63c2bc55a032eef24d0746158727e373']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-10-28T15:39:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f4a4c7-b32c-4349-a488-0a8f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:39:51.000Z",
"modified": "2017-10-28T15:39:51.000Z",
"first_observed": "2017-10-28T15:39:51Z",
"last_observed": "2017-10-28T15:39:51Z",
"number_observed": 1,
"object_refs": [
"url--59f4a4c7-b32c-4349-a488-0a8f02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59f4a4c7-b32c-4349-a488-0a8f02de0b81",
"value": "https://www.virustotal.com/file/090bc0f5936a12771b7fdf15070ba2169a24108a095e939920498b94ce19596d/analysis/1504410339/"
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--59f4a7fd-20e0-493a-b9a3-481e02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-10-28T15:53:33.000Z",
"modified": "2017-10-28T15:53:33.000Z",
"labels": [
"misp:name=\"whois\"",
"misp:meta-category=\"network\""
],
"x_misp_attributes": [
{
"type": "domain",
"object_relation": "domain",
"value": "i3mode.com",
"category": "Network activity",
"to_ids": true,
"uuid": "59f4a7fe-8b80-4a1c-9aa4-429002de0b81"
},
{
"type": "whois-registrant-email",
"object_relation": "registrant-email",
"value": "kedrick.brown.84@mail.ru",
"category": "Attribution",
"uuid": "59f4a7fe-1498-4acb-bc1c-440602de0b81"
},
{
"type": "whois-registrant-name",
"object_relation": "registrant-name",
"value": "KEDRICK BROWN",
"category": "Attribution",
"uuid": "59f4a7fe-c3f0-41db-ba32-488402de0b81"
},
{
"type": "whois-registrant-phone",
"object_relation": "registrant-phone",
"value": "00503503226605642",
"category": "Attribution",
"uuid": "59f4a7fe-0614-49f2-81f1-47d702de0b81"
}
],
"x_misp_meta_category": "network",
"x_misp_name": "whois"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink