571 lines
23 KiB
JSON
571 lines
23 KiB
JSON
|
{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--57ee6d8c-0650-4c8a-9dfa-4f31950d210f",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-09-30T13:50:41.000Z",
|
||
|
"modified": "2016-09-30T13:50:41.000Z",
|
||
|
"name": "CIRCL",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--57ee6d8c-0650-4c8a-9dfa-4f31950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-09-30T13:50:41.000Z",
|
||
|
"modified": "2016-09-30T13:50:41.000Z",
|
||
|
"name": "Malspam 2016-09-30 (.wsf in .zip) - campaign: \"Parcel details\"",
|
||
|
"published": "2016-09-30T13:51:03Z",
|
||
|
"object_refs": [
|
||
|
"indicator--57ee6dad-290c-4123-8016-4cea950d210f",
|
||
|
"indicator--57ee6dad-a9d4-4132-a115-48e9950d210f",
|
||
|
"indicator--57ee6dad-5aac-461c-802c-477d950d210f",
|
||
|
"indicator--57ee6dae-9d28-44cc-9830-4145950d210f",
|
||
|
"indicator--57ee6dae-59b4-476d-8846-4e81950d210f",
|
||
|
"indicator--57ee6dae-a418-4f7e-8fdd-4164950d210f",
|
||
|
"indicator--57ee6dae-5318-4955-ad4d-4526950d210f",
|
||
|
"indicator--57ee6dae-79b0-42c8-aa35-4fad950d210f",
|
||
|
"indicator--57ee6daf-bf6c-4433-9dd7-44bd950d210f",
|
||
|
"indicator--57ee6daf-9788-4ce7-b4fd-469c950d210f",
|
||
|
"indicator--57ee6daf-bac4-40a2-8029-405f950d210f",
|
||
|
"indicator--57ee6daf-07e0-4e9b-9757-4264950d210f",
|
||
|
"indicator--57ee6daf-1d54-4a2a-aaa8-4dc2950d210f",
|
||
|
"indicator--57ee6db0-4814-4305-b92b-4530950d210f",
|
||
|
"indicator--57ee6db0-4000-4f2f-b351-4f04950d210f",
|
||
|
"indicator--57ee6db0-7d7c-4a67-a70e-449e950d210f",
|
||
|
"indicator--57ee6db0-a2c4-4fdf-a57a-419f950d210f",
|
||
|
"indicator--57ee6db1-8edc-4932-8b75-4740950d210f",
|
||
|
"indicator--57ee6db1-a7f0-4039-881f-4c90950d210f",
|
||
|
"indicator--57ee6db1-bca4-4371-b87b-4421950d210f",
|
||
|
"indicator--57ee6db1-78f4-4ec2-97cc-4090950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"circl:incident-classification=\"malware\""
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57ee6dad-290c-4123-8016-4cea950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-09-30T13:50:37.000Z",
|
||
|
"modified": "2016-09-30T13:50:37.000Z",
|
||
|
"description": "download location",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.6.196.150']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-09-30T13:50:37Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57ee6dad-a9d4-4132-a115-48e9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-09-30T13:50:37.000Z",
|
||
|
"modified": "2016-09-30T13:50:37.000Z",
|
||
|
"description": "download location",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.180.50.231']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-09-30T13:50:37Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57ee6dad-5aac-461c-802c-477d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-09-30T13:50:37.000Z",
|
||
|
"modified": "2016-09-30T13:50:37.000Z",
|
||
|
"description": "download location",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '190.147.38.2']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-09-30T13:50:37Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57ee6dae-9d28-44cc-9830-4145950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-09-30T13:50:38.000Z",
|
||
|
"modified": "2016-09-30T13:50:38.000Z",
|
||
|
"description": "download location",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.254.128.73']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-09-30T13:50:38Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57ee6dae-59b4-476d-8846-4e81950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-09-30T13:50:38.000Z",
|
||
|
"modified": "2016-09-30T13:50:38.000Z",
|
||
|
"description": "download location",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.210.120.156']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-09-30T13:50:38Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57ee6dae-a418-4f7e-8fdd-4164950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-09-30T13:50:38.000Z",
|
||
|
"modified": "2016-09-30T13:50:38.000Z",
|
||
|
"description": "download location",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.117.4.26']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-09-30T13:50:38Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57ee6dae-5318-4955-ad4d-4526950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-09-30T13:50:38.000Z",
|
||
|
"modified": "2016-09-30T13:50:38.000Z",
|
||
|
"description": "download location",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '85.9.63.225']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-09-30T13:50:38Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57ee6dae-79b0-42c8-aa35-4fad950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-09-30T13:50:38.000Z",
|
||
|
"modified": "2016-09-30T13:50:38.000Z",
|
||
|
"description": "download location",
|
||
|
"pattern": "[domain-name:value = 'drugvacoa.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-09-30T13:50:38Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57ee6daf-bf6c-4433-9dd7-44bd950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-09-30T13:50:39.000Z",
|
||
|
"modified": "2016-09-30T13:50:39.000Z",
|
||
|
"description": "download location",
|
||
|
"pattern": "[domain-name:value = 'greenshootmedia.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-09-30T13:50:39Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57ee6daf-9788-4ce7-b4fd-469c950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-09-30T13:50:39.000Z",
|
||
|
"modified": "2016-09-30T13:50:39.000Z",
|
||
|
"description": "download location",
|
||
|
"pattern": "[url:value = 'http://drugvacoa.net/6n00x']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-09-30T13:50:39Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57ee6daf-bac4-40a2-8029-405f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-09-30T13:50:39.000Z",
|
||
|
"modified": "2016-09-30T13:50:39.000Z",
|
||
|
"description": "download location",
|
||
|
"pattern": "[url:value = 'http://greenshootmedia.com/w1zanty']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-09-30T13:50:39Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57ee6daf-07e0-4e9b-9757-4264950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-09-30T13:50:39.000Z",
|
||
|
"modified": "2016-09-30T13:50:39.000Z",
|
||
|
"description": "download location",
|
||
|
"pattern": "[url:value = 'http://lust-vodka.com/fom7aof']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-09-30T13:50:39Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57ee6daf-1d54-4a2a-aaa8-4dc2950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-09-30T13:50:39.000Z",
|
||
|
"modified": "2016-09-30T13:50:39.000Z",
|
||
|
"description": "download location",
|
||
|
"pattern": "[url:value = 'http://puchipuchivirus.com/vvkqo7']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-09-30T13:50:39Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57ee6db0-4814-4305-b92b-4530950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-09-30T13:50:40.000Z",
|
||
|
"modified": "2016-09-30T13:50:40.000Z",
|
||
|
"description": "download location",
|
||
|
"pattern": "[url:value = 'http://resboiu.ro/fpcmb']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-09-30T13:50:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57ee6db0-4000-4f2f-b351-4f04950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-09-30T13:50:40.000Z",
|
||
|
"modified": "2016-09-30T13:50:40.000Z",
|
||
|
"description": "download location",
|
||
|
"pattern": "[url:value = 'http://room8008.com/g44ntci1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-09-30T13:50:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57ee6db0-7d7c-4a67-a70e-449e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-09-30T13:50:40.000Z",
|
||
|
"modified": "2016-09-30T13:50:40.000Z",
|
||
|
"description": "download location",
|
||
|
"pattern": "[url:value = 'http://unityquire.com/1nloic']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-09-30T13:50:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57ee6db0-a2c4-4fdf-a57a-419f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-09-30T13:50:40.000Z",
|
||
|
"modified": "2016-09-30T13:50:40.000Z",
|
||
|
"description": "download location",
|
||
|
"pattern": "[domain-name:value = 'lust-vodka.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-09-30T13:50:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57ee6db1-8edc-4932-8b75-4740950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-09-30T13:50:41.000Z",
|
||
|
"modified": "2016-09-30T13:50:41.000Z",
|
||
|
"description": "download location",
|
||
|
"pattern": "[domain-name:value = 'puchipuchivirus.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-09-30T13:50:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57ee6db1-a7f0-4039-881f-4c90950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-09-30T13:50:41.000Z",
|
||
|
"modified": "2016-09-30T13:50:41.000Z",
|
||
|
"description": "download location",
|
||
|
"pattern": "[domain-name:value = 'resboiu.ro']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-09-30T13:50:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57ee6db1-bca4-4371-b87b-4421950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-09-30T13:50:41.000Z",
|
||
|
"modified": "2016-09-30T13:50:41.000Z",
|
||
|
"description": "download location",
|
||
|
"pattern": "[domain-name:value = 'room8008.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-09-30T13:50:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--57ee6db1-78f4-4ec2-97cc-4090950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2016-09-30T13:50:41.000Z",
|
||
|
"modified": "2016-09-30T13:50:41.000Z",
|
||
|
"description": "download location",
|
||
|
"pattern": "[domain-name:value = 'unityquire.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-09-30T13:50:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "marking-definition",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
||
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
"definition_type": "tlp",
|
||
|
"name": "TLP:WHITE",
|
||
|
"definition": {
|
||
|
"tlp": "white"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}
|