{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--59bfc43f-c1ac-4a3b-b271-4420950d210f",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:47.000Z",
|
||
|
"modified": "2017-10-23T15:39:47.000Z",
|
||
|
"name": "CIRCL",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "grouping",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "grouping--59bfc43f-c1ac-4a3b-b271-4420950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:47.000Z",
|
||
|
"modified": "2017-10-23T15:39:47.000Z",
|
||
|
"name": "M2M - ***SPAM*** Locky: \"Status of invoice\" with .7z\n\tattachment",
|
||
|
"context": "suspicious-activity",
|
||
|
"object_refs": [
|
||
|
"indicator--59bfc440-11c0-40ba-97c7-1914950d210f",
|
||
|
"indicator--59bfc441-8e8c-49eb-88e5-190a950d210f",
|
||
|
"indicator--59bfc441-450c-4bee-92af-167b950d210f",
|
||
|
"indicator--59bfc441-f604-4ec5-b075-1916950d210f",
|
||
|
"indicator--59bfc442-b6c4-4fce-972c-167b950d210f",
|
||
|
"indicator--59bfc442-ff64-4234-9246-413f950d210f",
|
||
|
"observed-data--59bfc443-1550-4cfe-ac10-1916950d210f",
|
||
|
"network-traffic--59bfc443-1550-4cfe-ac10-1916950d210f",
|
||
|
"ipv4-addr--59bfc443-1550-4cfe-ac10-1916950d210f",
|
||
|
"indicator--59bfc443-90b0-41f4-8882-1677950d210f",
|
||
|
"indicator--59bfc443-6ef4-4a1e-a822-425c950d210f",
|
||
|
"observed-data--59bfc444-79f4-49af-a9f2-91d9950d210f",
|
||
|
"network-traffic--59bfc444-79f4-49af-a9f2-91d9950d210f",
|
||
|
"ipv4-addr--59bfc444-79f4-49af-a9f2-91d9950d210f",
|
||
|
"indicator--59bfc445-4c4c-4d5d-88d4-496b950d210f",
|
||
|
"indicator--59bfc445-3a30-440b-a11d-18ff950d210f",
|
||
|
"observed-data--59bfc445-d310-4d3c-b58c-4096950d210f",
|
||
|
"network-traffic--59bfc445-d310-4d3c-b58c-4096950d210f",
|
||
|
"ipv4-addr--59bfc445-d310-4d3c-b58c-4096950d210f",
|
||
|
"indicator--59bfc446-c580-4458-8786-190b950d210f",
|
||
|
"indicator--59bfc446-d474-4c06-8dfc-17ec950d210f",
|
||
|
"observed-data--59bfc446-7494-420a-9ef5-18ff950d210f",
|
||
|
"network-traffic--59bfc446-7494-420a-9ef5-18ff950d210f",
|
||
|
"ipv4-addr--59bfc446-7494-420a-9ef5-18ff950d210f",
|
||
|
"indicator--59bfc447-ea2c-4604-914d-4d38950d210f",
|
||
|
"indicator--59bfc447-6474-4827-875b-1916950d210f",
|
||
|
"indicator--59bfc458-f004-42b0-9a34-474b950d210f",
|
||
|
"indicator--59bfc459-42e8-4d7d-8d52-91d9950d210f",
|
||
|
"observed-data--59bfc459-5bc0-498d-a557-1677950d210f",
|
||
|
"network-traffic--59bfc459-5bc0-498d-a557-1677950d210f",
|
||
|
"ipv4-addr--59bfc459-5bc0-498d-a557-1677950d210f",
|
||
|
"indicator--59bfc45a-dbdc-4b1d-9b4f-190b950d210f",
|
||
|
"indicator--59bfc45a-9294-4551-9d33-4321950d210f",
|
||
|
"observed-data--59bfc45a-4748-44a6-9563-4074950d210f",
|
||
|
"network-traffic--59bfc45a-4748-44a6-9563-4074950d210f",
|
||
|
"ipv4-addr--59bfc45a-4748-44a6-9563-4074950d210f",
|
||
|
"indicator--59bfc45b-9c70-4502-9fe5-17a8950d210f",
|
||
|
"indicator--59bfc45b-6e40-41ff-916c-1914950d210f",
|
||
|
"observed-data--59bfc45c-342c-4c06-8052-4434950d210f",
|
||
|
"network-traffic--59bfc45c-342c-4c06-8052-4434950d210f",
|
||
|
"ipv4-addr--59bfc45c-342c-4c06-8052-4434950d210f",
|
||
|
"indicator--59bfc45c-04b0-4421-815e-190a950d210f",
|
||
|
"indicator--59bfc45c-c868-45a3-909a-17a8950d210f",
|
||
|
"observed-data--59bfc45d-3588-46e5-8ace-18ff950d210f",
|
||
|
"network-traffic--59bfc45d-3588-46e5-8ace-18ff950d210f",
|
||
|
"ipv4-addr--59bfc45d-3588-46e5-8ace-18ff950d210f",
|
||
|
"indicator--59bfc45d-eae4-4ffd-8972-1677950d210f",
|
||
|
"indicator--59bfc45e-eaa8-4142-9166-4f62950d210f",
|
||
|
"observed-data--59bfc45e-1084-4003-af95-1914950d210f",
|
||
|
"network-traffic--59bfc45e-1084-4003-af95-1914950d210f",
|
||
|
"ipv4-addr--59bfc45e-1084-4003-af95-1914950d210f",
|
||
|
"indicator--59bfc45f-5d58-4869-8bd7-439d950d210f",
|
||
|
"indicator--59bfc45f-6c44-4e25-844a-4163950d210f",
|
||
|
"observed-data--59bfc460-f37c-4087-97c0-1677950d210f",
|
||
|
"network-traffic--59bfc460-f37c-4087-97c0-1677950d210f",
|
||
|
"ipv4-addr--59bfc460-f37c-4087-97c0-1677950d210f",
|
||
|
"indicator--59bfc460-0058-4fd4-8dda-17a8950d210f",
|
||
|
"indicator--59bfc461-3030-4575-9426-167b950d210f",
|
||
|
"observed-data--59bfc461-bd54-497e-b2fc-4fa8950d210f",
|
||
|
"network-traffic--59bfc461-bd54-497e-b2fc-4fa8950d210f",
|
||
|
"ipv4-addr--59bfc461-bd54-497e-b2fc-4fa8950d210f",
|
||
|
"indicator--59bfc461-6fe0-4042-a5eb-400a950d210f",
|
||
|
"indicator--59bfc462-88a4-48cc-9d44-1913950d210f",
|
||
|
"observed-data--59bfc462-98dc-4a3f-99fe-1914950d210f",
|
||
|
"network-traffic--59bfc462-98dc-4a3f-99fe-1914950d210f",
|
||
|
"ipv4-addr--59bfc462-98dc-4a3f-99fe-1914950d210f",
|
||
|
"indicator--59bfc463-749c-44ef-9816-17ec950d210f",
|
||
|
"indicator--59bfc463-34f0-422a-96c3-4bf6950d210f",
|
||
|
"observed-data--59bfc463-9a38-4ed4-9718-1913950d210f",
|
||
|
"network-traffic--59bfc463-9a38-4ed4-9718-1913950d210f",
|
||
|
"ipv4-addr--59bfc463-9a38-4ed4-9718-1913950d210f",
|
||
|
"observed-data--59bfc464-5184-4279-85e6-49d8950d210f",
|
||
|
"url--59bfc464-5184-4279-85e6-49d8950d210f",
|
||
|
"observed-data--59bfc464-8bcc-4ba4-9932-17ec950d210f",
|
||
|
"network-traffic--59bfc464-8bcc-4ba4-9932-17ec950d210f",
|
||
|
"ipv4-addr--59bfc464-8bcc-4ba4-9932-17ec950d210f",
|
||
|
"observed-data--59bfc465-6c64-4521-9d3e-1913950d210f",
|
||
|
"url--59bfc465-6c64-4521-9d3e-1913950d210f",
|
||
|
"observed-data--59bfc465-d424-4bc1-afc1-1914950d210f",
|
||
|
"network-traffic--59bfc465-d424-4bc1-afc1-1914950d210f",
|
||
|
"ipv4-addr--59bfc465-d424-4bc1-afc1-1914950d210f",
|
||
|
"indicator--59bfc465-0638-4343-b376-4f21950d210f",
|
||
|
"indicator--59bfc466-a4c8-4ec0-96d8-1913950d210f",
|
||
|
"indicator--59bfc466-8e78-4052-a0c3-4293950d210f",
|
||
|
"indicator--59bfc466-b8d4-4fc0-8c2c-167b950d210f",
|
||
|
"observed-data--59bfc467-428c-47a3-bc24-1565950d210f",
|
||
|
"network-traffic--59bfc467-428c-47a3-bc24-1565950d210f",
|
||
|
"ipv4-addr--59bfc467-428c-47a3-bc24-1565950d210f",
|
||
|
"indicator--59bfc467-34e8-4870-99ea-1914950d210f",
|
||
|
"indicator--59bfc467-6f94-4eb3-89bd-4eed950d210f",
|
||
|
"indicator--59bfc468-83ac-48a8-9879-4cae950d210f",
|
||
|
"indicator--59bfc468-0174-498b-bb0c-91d9950d210f",
|
||
|
"indicator--59bfc469-ec2c-4f65-972d-1914950d210f",
|
||
|
"indicator--59bfc469-8490-4e49-b2d9-17a8950d210f",
|
||
|
"indicator--59bfc46a-91a8-4cee-8b37-1677950d210f",
|
||
|
"indicator--59bfc46a-b388-4a62-b545-167b950d210f",
|
||
|
"indicator--59bfc46b-36b8-4bad-826a-190b950d210f",
|
||
|
"indicator--59bfc46b-5578-4581-8ded-17a8950d210f",
|
||
|
"indicator--59bfc46b-6350-4590-ba89-167b950d210f",
|
||
|
"indicator--59bfc46c-d8e0-42f8-85de-91d9950d210f",
|
||
|
"indicator--59bfc46c-3780-41d8-9982-17a8950d210f",
|
||
|
"indicator--59bfc46c-b334-428d-8dc8-190a950d210f",
|
||
|
"indicator--59bfc46d-e1c0-4672-b206-18ff950d210f",
|
||
|
"indicator--59bfc46d-f75c-4db6-bd1e-44d4950d210f",
|
||
|
"indicator--59bfc46e-ccfc-428f-8d38-190a950d210f",
|
||
|
"indicator--59bfc46e-5c3c-45ec-855d-17ec950d210f",
|
||
|
"indicator--59bfc46e-12e4-4e0a-acd1-167b950d210f",
|
||
|
"indicator--59bfc46f-9c6c-41a9-be72-18ff950d210f",
|
||
|
"indicator--59bfc46f-cce0-4ef3-95fb-190a950d210f",
|
||
|
"indicator--59bfc46f-241c-4caa-81dd-17ec950d210f",
|
||
|
"observed-data--59bfc470-fdd4-48fe-99ec-1565950d210f",
|
||
|
"network-traffic--59bfc470-fdd4-48fe-99ec-1565950d210f",
|
||
|
"ipv4-addr--59bfc470-fdd4-48fe-99ec-1565950d210f",
|
||
|
"indicator--59bfc470-6b84-487e-882a-4415950d210f",
|
||
|
"indicator--59bfc470-7704-46a8-8d52-17ec950d210f",
|
||
|
"observed-data--59bfc470-c438-4128-b6cc-17a8950d210f",
|
||
|
"network-traffic--59bfc470-c438-4128-b6cc-17a8950d210f",
|
||
|
"ipv4-addr--59bfc470-c438-4128-b6cc-17a8950d210f",
|
||
|
"indicator--59bfc471-de08-4e89-9c80-1916950d210f",
|
||
|
"indicator--59bfc471-6e3c-4eac-8d00-190b950d210f",
|
||
|
"observed-data--59bfc471-bae8-45ab-af99-444b950d210f",
|
||
|
"network-traffic--59bfc471-bae8-45ab-af99-444b950d210f",
|
||
|
"ipv4-addr--59bfc471-bae8-45ab-af99-444b950d210f",
|
||
|
"observed-data--59bfc472-73c0-400a-bb0d-190a950d210f",
|
||
|
"network-traffic--59bfc472-73c0-400a-bb0d-190a950d210f",
|
||
|
"ipv4-addr--59bfc472-73c0-400a-bb0d-190a950d210f",
|
||
|
"indicator--59bfc472-d664-4713-a13f-18ff950d210f",
|
||
|
"observed-data--59bfc473-dc44-4c12-b586-18ff950d210f",
|
||
|
"url--59bfc473-dc44-4c12-b586-18ff950d210f",
|
||
|
"observed-data--59bfc474-4af0-4cff-9450-91d9950d210f",
|
||
|
"url--59bfc474-4af0-4cff-9450-91d9950d210f",
|
||
|
"observed-data--59bfc474-023c-49d2-ac0f-4686950d210f",
|
||
|
"url--59bfc474-023c-49d2-ac0f-4686950d210f",
|
||
|
"observed-data--59bfc474-37ac-4804-bd89-4a1b950d210f",
|
||
|
"url--59bfc474-37ac-4804-bd89-4a1b950d210f",
|
||
|
"observed-data--59bfc4b3-6384-4425-a920-40c3950d210f",
|
||
|
"url--59bfc4b3-6384-4425-a920-40c3950d210f",
|
||
|
"observed-data--59bfc4b3-a7ac-4875-8f1d-1916950d210f",
|
||
|
"url--59bfc4b3-a7ac-4875-8f1d-1916950d210f",
|
||
|
"indicator--59ee0d35-83fc-4fa1-8932-436602de0b81",
|
||
|
"observed-data--59ee0d35-a704-4611-8279-476202de0b81",
|
||
|
"url--59ee0d35-a704-4611-8279-476202de0b81",
|
||
|
"indicator--59ee0d35-7250-461e-acbf-471702de0b81",
|
||
|
"indicator--59ee0d35-4f70-4bd1-90d2-421b02de0b81",
|
||
|
"observed-data--59ee0d35-8cd0-4a2a-a26e-417102de0b81",
|
||
|
"url--59ee0d35-8cd0-4a2a-a26e-417102de0b81",
|
||
|
"indicator--59ee0d35-ec94-47ea-823f-477a02de0b81",
|
||
|
"indicator--59ee0d35-f84c-4a9e-b9b3-46ec02de0b81",
|
||
|
"observed-data--59ee0d35-a670-4120-b5d3-43a502de0b81",
|
||
|
"url--59ee0d35-a670-4120-b5d3-43a502de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"ecsirt:malicious-code=\"ransomware\"",
|
||
|
"misp-galaxy:ransomware=\"Locky\""
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc440-11c0-40ba-97c7-1914950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:31.000Z",
|
||
|
"modified": "2017-10-23T15:39:31.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '20f2ca720cb4dcca9195113f258ca4ef']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:31Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc441-8e8c-49eb-88e5-190a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:31.000Z",
|
||
|
"modified": "2017-10-23T15:39:31.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = '24888615662135054bb9a28d50ae2c0f6711975ba5251f0862ecc8b95b2512de']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:31Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc441-450c-4bee-92af-167b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:31.000Z",
|
||
|
"modified": "2017-10-23T15:39:31.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = '0faf7bb76b212bafe2949ed9c0d04c87a5aea40deefb11d360fb6912be84fbd8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:31Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc441-f604-4ec5-b075-1916950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:31.000Z",
|
||
|
"modified": "2017-10-23T15:39:31.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = 'c674da5f1c063a0bec896d03492620ac94687e7687a1b91944d93c1d6527c8a7']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:31Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc442-b6c4-4fce-972c-167b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:31.000Z",
|
||
|
"modified": "2017-10-23T15:39:31.000Z",
|
||
|
"pattern": "[url:value = 'http://abelfaria.pt/87thiuh3gfDGS']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:31Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc442-ff64-4234-9246-413f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:31.000Z",
|
||
|
"modified": "2017-10-23T15:39:31.000Z",
|
||
|
"pattern": "[domain-name:value = 'abelfaria.pt']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:31Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59bfc443-1550-4cfe-ac10-1916950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:31.000Z",
|
||
|
"modified": "2017-10-23T15:39:31.000Z",
|
||
|
"first_observed": "2017-10-23T15:39:31Z",
|
||
|
"last_observed": "2017-10-23T15:39:31Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59bfc443-1550-4cfe-ac10-1916950d210f",
|
||
|
"ipv4-addr--59bfc443-1550-4cfe-ac10-1916950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59bfc443-1550-4cfe-ac10-1916950d210f",
|
||
|
"dst_ref": "ipv4-addr--59bfc443-1550-4cfe-ac10-1916950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59bfc443-1550-4cfe-ac10-1916950d210f",
|
||
|
"value": "109.71.42.24"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc443-90b0-41f4-8882-1677950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:31.000Z",
|
||
|
"modified": "2017-10-23T15:39:31.000Z",
|
||
|
"pattern": "[url:value = 'http://cedipsa.com/87thiuh3gfDGS']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:31Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc443-6ef4-4a1e-a822-425c950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:31.000Z",
|
||
|
"modified": "2017-10-23T15:39:31.000Z",
|
||
|
"pattern": "[domain-name:value = 'cedipsa.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:31Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59bfc444-79f4-49af-a9f2-91d9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:31.000Z",
|
||
|
"modified": "2017-10-23T15:39:31.000Z",
|
||
|
"first_observed": "2017-10-23T15:39:31Z",
|
||
|
"last_observed": "2017-10-23T15:39:31Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59bfc444-79f4-49af-a9f2-91d9950d210f",
|
||
|
"ipv4-addr--59bfc444-79f4-49af-a9f2-91d9950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59bfc444-79f4-49af-a9f2-91d9950d210f",
|
||
|
"dst_ref": "ipv4-addr--59bfc444-79f4-49af-a9f2-91d9950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59bfc444-79f4-49af-a9f2-91d9950d210f",
|
||
|
"value": "93.189.91.20"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc445-4c4c-4d5d-88d4-496b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:31.000Z",
|
||
|
"modified": "2017-10-23T15:39:31.000Z",
|
||
|
"pattern": "[url:value = 'http://grovecreative.co.uk/87thiuh3gfDGS']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:31Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc445-3a30-440b-a11d-18ff950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:31.000Z",
|
||
|
"modified": "2017-10-23T15:39:31.000Z",
|
||
|
"pattern": "[domain-name:value = 'grovecreative.co.uk']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:31Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59bfc445-d310-4d3c-b58c-4096950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:31.000Z",
|
||
|
"modified": "2017-10-23T15:39:31.000Z",
|
||
|
"first_observed": "2017-10-23T15:39:31Z",
|
||
|
"last_observed": "2017-10-23T15:39:31Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59bfc445-d310-4d3c-b58c-4096950d210f",
|
||
|
"ipv4-addr--59bfc445-d310-4d3c-b58c-4096950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59bfc445-d310-4d3c-b58c-4096950d210f",
|
||
|
"dst_ref": "ipv4-addr--59bfc445-d310-4d3c-b58c-4096950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59bfc445-d310-4d3c-b58c-4096950d210f",
|
||
|
"value": "188.165.73.151"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc446-c580-4458-8786-190b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:31.000Z",
|
||
|
"modified": "2017-10-23T15:39:31.000Z",
|
||
|
"pattern": "[url:value = 'http://lanzensberger.de/87thiuh3gfDGS']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:31Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc446-d474-4c06-8dfc-17ec950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:31.000Z",
|
||
|
"modified": "2017-10-23T15:39:31.000Z",
|
||
|
"pattern": "[domain-name:value = 'lanzensberger.de']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:31Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59bfc446-7494-420a-9ef5-18ff950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:31.000Z",
|
||
|
"modified": "2017-10-23T15:39:31.000Z",
|
||
|
"first_observed": "2017-10-23T15:39:31Z",
|
||
|
"last_observed": "2017-10-23T15:39:31Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59bfc446-7494-420a-9ef5-18ff950d210f",
|
||
|
"ipv4-addr--59bfc446-7494-420a-9ef5-18ff950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59bfc446-7494-420a-9ef5-18ff950d210f",
|
||
|
"dst_ref": "ipv4-addr--59bfc446-7494-420a-9ef5-18ff950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59bfc446-7494-420a-9ef5-18ff950d210f",
|
||
|
"value": "94.142.217.110"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc447-ea2c-4604-914d-4d38950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:31.000Z",
|
||
|
"modified": "2017-10-23T15:39:31.000Z",
|
||
|
"pattern": "[url:value = 'http://miliaraic.ru/p66/87thiuh3gfDGS']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:31Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc447-6474-4827-875b-1916950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:31.000Z",
|
||
|
"modified": "2017-10-23T15:39:31.000Z",
|
||
|
"pattern": "[domain-name:value = 'miliaraic.ru']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:31Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc458-f004-42b0-9a34-474b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"pattern": "[url:value = 'http://pielen.de/87thiuh3gfDGS']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc459-42e8-4d7d-8d52-91d9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"pattern": "[domain-name:value = 'pielen.de']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59bfc459-5bc0-498d-a557-1677950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"first_observed": "2017-10-23T15:39:32Z",
|
||
|
"last_observed": "2017-10-23T15:39:32Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59bfc459-5bc0-498d-a557-1677950d210f",
|
||
|
"ipv4-addr--59bfc459-5bc0-498d-a557-1677950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59bfc459-5bc0-498d-a557-1677950d210f",
|
||
|
"dst_ref": "ipv4-addr--59bfc459-5bc0-498d-a557-1677950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59bfc459-5bc0-498d-a557-1677950d210f",
|
||
|
"value": "62.154.185.60"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc45a-dbdc-4b1d-9b4f-190b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"pattern": "[url:value = 'http://qstom.com/87thiuh3gfDGS']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc45a-9294-4551-9d33-4321950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"pattern": "[domain-name:value = 'qstom.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59bfc45a-4748-44a6-9563-4074950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"first_observed": "2017-10-23T15:39:32Z",
|
||
|
"last_observed": "2017-10-23T15:39:32Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59bfc45a-4748-44a6-9563-4074950d210f",
|
||
|
"ipv4-addr--59bfc45a-4748-44a6-9563-4074950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59bfc45a-4748-44a6-9563-4074950d210f",
|
||
|
"dst_ref": "ipv4-addr--59bfc45a-4748-44a6-9563-4074950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59bfc45a-4748-44a6-9563-4074950d210f",
|
||
|
"value": "173.201.253.230"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc45b-9c70-4502-9fe5-17a8950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"pattern": "[url:value = 'http://saitis.eu/87thiuh3gfDGS']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc45b-6e40-41ff-916c-1914950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"pattern": "[domain-name:value = 'saitis.eu']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59bfc45c-342c-4c06-8052-4434950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"first_observed": "2017-10-23T15:39:32Z",
|
||
|
"last_observed": "2017-10-23T15:39:32Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59bfc45c-342c-4c06-8052-4434950d210f",
|
||
|
"ipv4-addr--59bfc45c-342c-4c06-8052-4434950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59bfc45c-342c-4c06-8052-4434950d210f",
|
||
|
"dst_ref": "ipv4-addr--59bfc45c-342c-4c06-8052-4434950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59bfc45c-342c-4c06-8052-4434950d210f",
|
||
|
"value": "149.56.223.252"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc45c-04b0-4421-815e-190a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"pattern": "[url:value = 'http://troyriser.com/87thiuh3gfDGS']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc45c-c868-45a3-909a-17a8950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"pattern": "[domain-name:value = 'troyriser.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59bfc45d-3588-46e5-8ace-18ff950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"first_observed": "2017-10-23T15:39:32Z",
|
||
|
"last_observed": "2017-10-23T15:39:32Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59bfc45d-3588-46e5-8ace-18ff950d210f",
|
||
|
"ipv4-addr--59bfc45d-3588-46e5-8ace-18ff950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59bfc45d-3588-46e5-8ace-18ff950d210f",
|
||
|
"dst_ref": "ipv4-addr--59bfc45d-3588-46e5-8ace-18ff950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59bfc45d-3588-46e5-8ace-18ff950d210f",
|
||
|
"value": "98.124.251.167"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc45d-eae4-4ffd-8972-1677950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"pattern": "[url:value = 'http://unifiedfloor.com/87thiuh3gfDGS']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc45e-eaa8-4142-9166-4f62950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"pattern": "[domain-name:value = 'unifiedfloor.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59bfc45e-1084-4003-af95-1914950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"first_observed": "2017-10-23T15:39:32Z",
|
||
|
"last_observed": "2017-10-23T15:39:32Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59bfc45e-1084-4003-af95-1914950d210f",
|
||
|
"ipv4-addr--59bfc45e-1084-4003-af95-1914950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59bfc45e-1084-4003-af95-1914950d210f",
|
||
|
"dst_ref": "ipv4-addr--59bfc45e-1084-4003-af95-1914950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59bfc45e-1084-4003-af95-1914950d210f",
|
||
|
"value": "209.15.0.66"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc45f-5d58-4869-8bd7-439d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"pattern": "[url:value = 'http://w4fot.com/87thiuh3gfDGS']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc45f-6c44-4e25-844a-4163950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"pattern": "[domain-name:value = 'w4fot.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59bfc460-f37c-4087-97c0-1677950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"first_observed": "2017-10-23T15:39:32Z",
|
||
|
"last_observed": "2017-10-23T15:39:32Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59bfc460-f37c-4087-97c0-1677950d210f",
|
||
|
"ipv4-addr--59bfc460-f37c-4087-97c0-1677950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59bfc460-f37c-4087-97c0-1677950d210f",
|
||
|
"dst_ref": "ipv4-addr--59bfc460-f37c-4087-97c0-1677950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59bfc460-f37c-4087-97c0-1677950d210f",
|
||
|
"value": "64.6.239.98"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc460-0058-4fd4-8dda-17a8950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"pattern": "[url:value = 'http://web-ch-team.ch/87thiuh3gfDGS']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc461-3030-4575-9426-167b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"pattern": "[domain-name:value = 'web-ch-team.ch']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59bfc461-bd54-497e-b2fc-4fa8950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"first_observed": "2017-10-23T15:39:32Z",
|
||
|
"last_observed": "2017-10-23T15:39:32Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59bfc461-bd54-497e-b2fc-4fa8950d210f",
|
||
|
"ipv4-addr--59bfc461-bd54-497e-b2fc-4fa8950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59bfc461-bd54-497e-b2fc-4fa8950d210f",
|
||
|
"dst_ref": "ipv4-addr--59bfc461-bd54-497e-b2fc-4fa8950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59bfc461-bd54-497e-b2fc-4fa8950d210f",
|
||
|
"value": "194.150.248.56"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc461-6fe0-4042-a5eb-400a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"pattern": "[url:value = 'http://www.elitecommunications.co.uk/87thiuh3gfDGS']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc462-88a4-48cc-9d44-1913950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"pattern": "[domain-name:value = 'www.elitecommunications.co.uk']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59bfc462-98dc-4a3f-99fe-1914950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"first_observed": "2017-10-23T15:39:32Z",
|
||
|
"last_observed": "2017-10-23T15:39:32Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59bfc462-98dc-4a3f-99fe-1914950d210f",
|
||
|
"ipv4-addr--59bfc462-98dc-4a3f-99fe-1914950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59bfc462-98dc-4a3f-99fe-1914950d210f",
|
||
|
"dst_ref": "ipv4-addr--59bfc462-98dc-4a3f-99fe-1914950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59bfc462-98dc-4a3f-99fe-1914950d210f",
|
||
|
"value": "217.118.128.244"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc463-749c-44ef-9816-17ec950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"pattern": "[url:value = 'http://yildizmakina74.com/87thiuh3gfDGS']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc463-34f0-422a-96c3-4bf6950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"pattern": "[domain-name:value = 'yildizmakina74.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59bfc463-9a38-4ed4-9718-1913950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"first_observed": "2017-10-23T15:39:32Z",
|
||
|
"last_observed": "2017-10-23T15:39:32Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59bfc463-9a38-4ed4-9718-1913950d210f",
|
||
|
"ipv4-addr--59bfc463-9a38-4ed4-9718-1913950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59bfc463-9a38-4ed4-9718-1913950d210f",
|
||
|
"dst_ref": "ipv4-addr--59bfc463-9a38-4ed4-9718-1913950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59bfc463-9a38-4ed4-9718-1913950d210f",
|
||
|
"value": "85.95.237.29"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59bfc464-5184-4279-85e6-49d8950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"first_observed": "2017-10-23T15:39:32Z",
|
||
|
"last_observed": "2017-10-23T15:39:32Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--59bfc464-5184-4279-85e6-49d8950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--59bfc464-5184-4279-85e6-49d8950d210f",
|
||
|
"value": "http://91.191.184.158/imageload.cgi"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59bfc464-8bcc-4ba4-9932-17ec950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"first_observed": "2017-10-23T15:39:32Z",
|
||
|
"last_observed": "2017-10-23T15:39:32Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59bfc464-8bcc-4ba4-9932-17ec950d210f",
|
||
|
"ipv4-addr--59bfc464-8bcc-4ba4-9932-17ec950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59bfc464-8bcc-4ba4-9932-17ec950d210f",
|
||
|
"dst_ref": "ipv4-addr--59bfc464-8bcc-4ba4-9932-17ec950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59bfc464-8bcc-4ba4-9932-17ec950d210f",
|
||
|
"value": "91.191.184.158"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59bfc465-6c64-4521-9d3e-1913950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"first_observed": "2017-10-23T15:39:32Z",
|
||
|
"last_observed": "2017-10-23T15:39:32Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--59bfc465-6c64-4521-9d3e-1913950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--59bfc465-6c64-4521-9d3e-1913950d210f",
|
||
|
"value": "http://195.123.218.226/imageload.cgi"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59bfc465-d424-4bc1-afc1-1914950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"first_observed": "2017-10-23T15:39:32Z",
|
||
|
"last_observed": "2017-10-23T15:39:32Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59bfc465-d424-4bc1-afc1-1914950d210f",
|
||
|
"ipv4-addr--59bfc465-d424-4bc1-afc1-1914950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59bfc465-d424-4bc1-afc1-1914950d210f",
|
||
|
"dst_ref": "ipv4-addr--59bfc465-d424-4bc1-afc1-1914950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59bfc465-d424-4bc1-afc1-1914950d210f",
|
||
|
"value": "195.123.218.226"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc465-0638-4343-b376-4f21950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"pattern": "[url:value = 'http://plbdykyhfysuemla.biz/imageload.cgi']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc466-a4c8-4ec0-96d8-1913950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"pattern": "[domain-name:value = 'plbdykyhfysuemla.biz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc466-8e78-4052-a0c3-4293950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"pattern": "[url:value = 'http://binkdxdjmnimvu.xyz/imageload.cgi']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc466-b8d4-4fc0-8c2c-167b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"pattern": "[domain-name:value = 'binkdxdjmnimvu.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59bfc467-428c-47a3-bc24-1565950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"first_observed": "2017-10-23T15:39:32Z",
|
||
|
"last_observed": "2017-10-23T15:39:32Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59bfc467-428c-47a3-bc24-1565950d210f",
|
||
|
"ipv4-addr--59bfc467-428c-47a3-bc24-1565950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59bfc467-428c-47a3-bc24-1565950d210f",
|
||
|
"dst_ref": "ipv4-addr--59bfc467-428c-47a3-bc24-1565950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59bfc467-428c-47a3-bc24-1565950d210f",
|
||
|
"value": "192.42.116.41"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc467-34e8-4870-99ea-1914950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"pattern": "[url:value = 'http://jkvjaco.org/imageload.cgi']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc467-6f94-4eb3-89bd-4eed950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"pattern": "[domain-name:value = 'jkvjaco.org']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc468-83ac-48a8-9879-4cae950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"pattern": "[url:value = 'http://butylctatr.org/imageload.cgi']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc468-0174-498b-bb0c-91d9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"pattern": "[domain-name:value = 'butylctatr.org']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc469-ec2c-4f65-972d-1914950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"pattern": "[url:value = 'http://dsmlskae.su/imageload.cgi']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc469-8490-4e49-b2d9-17a8950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"pattern": "[domain-name:value = 'dsmlskae.su']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc46a-91a8-4cee-8b37-1677950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"pattern": "[url:value = 'http://ybxjwcxwdkdfii.su/imageload.cgi']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc46a-b388-4a62-b545-167b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"pattern": "[domain-name:value = 'ybxjwcxwdkdfii.su']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc46b-36b8-4bad-826a-190b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"pattern": "[url:value = 'http://lpnwxhtui.click/imageload.cgi']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc46b-5578-4581-8ded-17a8950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"pattern": "[domain-name:value = 'lpnwxhtui.click']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc46b-6350-4590-ba89-167b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"pattern": "[url:value = 'http://ibwudico.su/imageload.cgi']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc46c-d8e0-42f8-85de-91d9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"pattern": "[domain-name:value = 'ibwudico.su']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc46c-3780-41d8-9982-17a8950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"pattern": "[url:value = 'http://gnxvwwpwjadctwm.click/imageload.cgi']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc46c-b334-428d-8dc8-190a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"pattern": "[domain-name:value = 'gnxvwwpwjadctwm.click']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc46d-e1c0-4672-b206-18ff950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"pattern": "[url:value = 'http://symfensvoh.org/imageload.cgi']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc46d-f75c-4db6-bd1e-44d4950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"pattern": "[domain-name:value = 'symfensvoh.org']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc46e-ccfc-428f-8d38-190a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:32.000Z",
|
||
|
"modified": "2017-10-23T15:39:32.000Z",
|
||
|
"pattern": "[url:value = 'http://sckodbf.biz/imageload.cgi']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc46e-5c3c-45ec-855d-17ec950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:33.000Z",
|
||
|
"modified": "2017-10-23T15:39:33.000Z",
|
||
|
"pattern": "[domain-name:value = 'sckodbf.biz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:33Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc46e-12e4-4e0a-acd1-167b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:33.000Z",
|
||
|
"modified": "2017-10-23T15:39:33.000Z",
|
||
|
"pattern": "[url:value = 'http://yjqfggabiym.pl/imageload.cgi']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:33Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc46f-9c6c-41a9-be72-18ff950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:33.000Z",
|
||
|
"modified": "2017-10-23T15:39:33.000Z",
|
||
|
"pattern": "[domain-name:value = 'yjqfggabiym.pl']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:33Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc46f-cce0-4ef3-95fb-190a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:33.000Z",
|
||
|
"modified": "2017-10-23T15:39:33.000Z",
|
||
|
"pattern": "[url:value = 'http://blog.dynamoo.com/2017/09/malware-spam-status-of-invoice-with-7z.html']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:33Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc46f-241c-4caa-81dd-17ec950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:33.000Z",
|
||
|
"modified": "2017-10-23T15:39:33.000Z",
|
||
|
"pattern": "[domain-name:value = 'blog.dynamoo.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:33Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59bfc470-fdd4-48fe-99ec-1565950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:33.000Z",
|
||
|
"modified": "2017-10-23T15:39:33.000Z",
|
||
|
"first_observed": "2017-10-23T15:39:33Z",
|
||
|
"last_observed": "2017-10-23T15:39:33Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59bfc470-fdd4-48fe-99ec-1565950d210f",
|
||
|
"ipv4-addr--59bfc470-fdd4-48fe-99ec-1565950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59bfc470-fdd4-48fe-99ec-1565950d210f",
|
||
|
"dst_ref": "ipv4-addr--59bfc470-fdd4-48fe-99ec-1565950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59bfc470-fdd4-48fe-99ec-1565950d210f",
|
||
|
"value": "216.58.207.51"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc470-6b84-487e-882a-4415950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:33.000Z",
|
||
|
"modified": "2017-10-23T15:39:33.000Z",
|
||
|
"pattern": "[url:value = 'https://1.bp.blogspot.com/-Ny5VWOYmFzY/VFfHZVb3KFI/AAAAAAAAF54/esl8RS0lLMEigFZYWAf1edgsKtriXTWdwCPcBGAYYCw/s1600/invoice.png']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:33Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc470-7704-46a8-8d52-17ec950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:33.000Z",
|
||
|
"modified": "2017-10-23T15:39:33.000Z",
|
||
|
"pattern": "[domain-name:value = '1.bp.blogspot.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:33Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59bfc470-c438-4128-b6cc-17a8950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:33.000Z",
|
||
|
"modified": "2017-10-23T15:39:33.000Z",
|
||
|
"first_observed": "2017-10-23T15:39:33Z",
|
||
|
"last_observed": "2017-10-23T15:39:33Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59bfc470-c438-4128-b6cc-17a8950d210f",
|
||
|
"ipv4-addr--59bfc470-c438-4128-b6cc-17a8950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59bfc470-c438-4128-b6cc-17a8950d210f",
|
||
|
"dst_ref": "ipv4-addr--59bfc470-c438-4128-b6cc-17a8950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59bfc470-c438-4128-b6cc-17a8950d210f",
|
||
|
"value": "216.58.207.33"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc471-de08-4e89-9c80-1916950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:33.000Z",
|
||
|
"modified": "2017-10-23T15:39:33.000Z",
|
||
|
"pattern": "[url:value = 'https://pastebin.com/rDFzUZXw']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:33Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc471-6e3c-4eac-8d00-190b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:33.000Z",
|
||
|
"modified": "2017-10-23T15:39:33.000Z",
|
||
|
"pattern": "[domain-name:value = 'pastebin.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:33Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59bfc471-bae8-45ab-af99-444b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:33.000Z",
|
||
|
"modified": "2017-10-23T15:39:33.000Z",
|
||
|
"first_observed": "2017-10-23T15:39:33Z",
|
||
|
"last_observed": "2017-10-23T15:39:33Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59bfc471-bae8-45ab-af99-444b950d210f",
|
||
|
"ipv4-addr--59bfc471-bae8-45ab-af99-444b950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59bfc471-bae8-45ab-af99-444b950d210f",
|
||
|
"dst_ref": "ipv4-addr--59bfc471-bae8-45ab-af99-444b950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59bfc471-bae8-45ab-af99-444b950d210f",
|
||
|
"value": "104.20.209.21"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59bfc472-73c0-400a-bb0d-190a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:33.000Z",
|
||
|
"modified": "2017-10-23T15:39:33.000Z",
|
||
|
"first_observed": "2017-10-23T15:39:33Z",
|
||
|
"last_observed": "2017-10-23T15:39:33Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59bfc472-73c0-400a-bb0d-190a950d210f",
|
||
|
"ipv4-addr--59bfc472-73c0-400a-bb0d-190a950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59bfc472-73c0-400a-bb0d-190a950d210f",
|
||
|
"dst_ref": "ipv4-addr--59bfc472-73c0-400a-bb0d-190a950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59bfc472-73c0-400a-bb0d-190a950d210f",
|
||
|
"value": "104.20.208.21"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59bfc472-d664-4713-a13f-18ff950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:33.000Z",
|
||
|
"modified": "2017-10-23T15:39:33.000Z",
|
||
|
"pattern": "[url:value = 'https://pastebin.com/fyDWa7h0']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:33Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59bfc473-dc44-4c12-b586-18ff950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:33.000Z",
|
||
|
"modified": "2017-10-23T15:39:33.000Z",
|
||
|
"first_observed": "2017-10-23T15:39:33Z",
|
||
|
"last_observed": "2017-10-23T15:39:33Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--59bfc473-dc44-4c12-b586-18ff950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--59bfc473-dc44-4c12-b586-18ff950d210f",
|
||
|
"value": "https://www.hybrid-analysis.com/sample/24888615662135054bb9a28d50ae2c0f6711975ba5251f0862ecc8b95b2512de?environmentId=100"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59bfc474-4af0-4cff-9450-91d9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:33.000Z",
|
||
|
"modified": "2017-10-23T15:39:33.000Z",
|
||
|
"first_observed": "2017-10-23T15:39:33Z",
|
||
|
"last_observed": "2017-10-23T15:39:33Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--59bfc474-4af0-4cff-9450-91d9950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--59bfc474-4af0-4cff-9450-91d9950d210f",
|
||
|
"value": "https://www.hybrid-analysis.com/sample/0faf7bb76b212bafe2949ed9c0d04c87a5aea40deefb11d360fb6912be84fbd8?environmentId=100"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59bfc474-023c-49d2-ac0f-4686950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:33.000Z",
|
||
|
"modified": "2017-10-23T15:39:33.000Z",
|
||
|
"first_observed": "2017-10-23T15:39:33Z",
|
||
|
"last_observed": "2017-10-23T15:39:33Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--59bfc474-023c-49d2-ac0f-4686950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--59bfc474-023c-49d2-ac0f-4686950d210f",
|
||
|
"value": "https://malwr.com/analysis/Y2IxOTMwMjY3OGUyNGVjYmI4ODNiNzZjNjJjMmViYzQ/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59bfc474-37ac-4804-bd89-4a1b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:33.000Z",
|
||
|
"modified": "2017-10-23T15:39:33.000Z",
|
||
|
"first_observed": "2017-10-23T15:39:33Z",
|
||
|
"last_observed": "2017-10-23T15:39:33Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--59bfc474-37ac-4804-bd89-4a1b950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--59bfc474-37ac-4804-bd89-4a1b950d210f",
|
||
|
"value": "https://malwr.com/analysis/MGY4YzRmOWE2YTIxNDY3ZWE4NjZjYWE5NGJjZDA1ZmM/"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59bfc4b3-6384-4425-a920-40c3950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:33.000Z",
|
||
|
"modified": "2017-10-23T15:39:33.000Z",
|
||
|
"first_observed": "2017-10-23T15:39:33Z",
|
||
|
"last_observed": "2017-10-23T15:39:33Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--59bfc4b3-6384-4425-a920-40c3950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--59bfc4b3-6384-4425-a920-40c3950d210f",
|
||
|
"value": "https://www.virustotal.com/#/file/c674da5f1c063a0bec896d03492620ac94687e7687a1b91944d93c1d6527c8a7/detection"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59bfc4b3-a7ac-4875-8f1d-1916950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:33.000Z",
|
||
|
"modified": "2017-10-23T15:39:33.000Z",
|
||
|
"first_observed": "2017-10-23T15:39:33Z",
|
||
|
"last_observed": "2017-10-23T15:39:33Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--59bfc4b3-a7ac-4875-8f1d-1916950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--59bfc4b3-a7ac-4875-8f1d-1916950d210f",
|
||
|
"value": "https://www.hybrid-analysis.com/sample/c674da5f1c063a0bec896d03492620ac94687e7687a1b91944d93c1d6527c8a7?environmentId=100"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59ee0d35-83fc-4fa1-8932-436602de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:33.000Z",
|
||
|
"modified": "2017-10-23T15:39:33.000Z",
|
||
|
"description": "- Xchecked via VT: c674da5f1c063a0bec896d03492620ac94687e7687a1b91944d93c1d6527c8a7",
|
||
|
"pattern": "[file:hashes.SHA1 = '2f5e2914af69f91c5e84e7ea0fc58dad4b6b741e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:33Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59ee0d35-a704-4611-8279-476202de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:33.000Z",
|
||
|
"modified": "2017-10-23T15:39:33.000Z",
|
||
|
"first_observed": "2017-10-23T15:39:33Z",
|
||
|
"last_observed": "2017-10-23T15:39:33Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--59ee0d35-a704-4611-8279-476202de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--59ee0d35-a704-4611-8279-476202de0b81",
|
||
|
"value": "https://www.virustotal.com/file/c674da5f1c063a0bec896d03492620ac94687e7687a1b91944d93c1d6527c8a7/analysis/1508636490/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59ee0d35-7250-461e-acbf-471702de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:33.000Z",
|
||
|
"modified": "2017-10-23T15:39:33.000Z",
|
||
|
"description": "- Xchecked via VT: 0faf7bb76b212bafe2949ed9c0d04c87a5aea40deefb11d360fb6912be84fbd8",
|
||
|
"pattern": "[file:hashes.SHA1 = 'df0b16d25694e9828539ef503fefea837eeea46d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:33Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59ee0d35-4f70-4bd1-90d2-421b02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:33.000Z",
|
||
|
"modified": "2017-10-23T15:39:33.000Z",
|
||
|
"description": "- Xchecked via VT: 0faf7bb76b212bafe2949ed9c0d04c87a5aea40deefb11d360fb6912be84fbd8",
|
||
|
"pattern": "[file:hashes.MD5 = 'd720e786de4e79c5e6f6172b80da45fe']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:33Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59ee0d35-8cd0-4a2a-a26e-417102de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:33.000Z",
|
||
|
"modified": "2017-10-23T15:39:33.000Z",
|
||
|
"first_observed": "2017-10-23T15:39:33Z",
|
||
|
"last_observed": "2017-10-23T15:39:33Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--59ee0d35-8cd0-4a2a-a26e-417102de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--59ee0d35-8cd0-4a2a-a26e-417102de0b81",
|
||
|
"value": "https://www.virustotal.com/file/0faf7bb76b212bafe2949ed9c0d04c87a5aea40deefb11d360fb6912be84fbd8/analysis/1506595289/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59ee0d35-ec94-47ea-823f-477a02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:33.000Z",
|
||
|
"modified": "2017-10-23T15:39:33.000Z",
|
||
|
"description": "- Xchecked via VT: 24888615662135054bb9a28d50ae2c0f6711975ba5251f0862ecc8b95b2512de",
|
||
|
"pattern": "[file:hashes.SHA1 = '81f7dede7c47c71f3c59671f2557823ad4e4dea2']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:33Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59ee0d35-f84c-4a9e-b9b3-46ec02de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:33.000Z",
|
||
|
"modified": "2017-10-23T15:39:33.000Z",
|
||
|
"description": "- Xchecked via VT: 24888615662135054bb9a28d50ae2c0f6711975ba5251f0862ecc8b95b2512de",
|
||
|
"pattern": "[file:hashes.MD5 = '8d4dfc3be8231ff95790fcf4de0ab54e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-10-23T15:39:33Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59ee0d35-a670-4120-b5d3-43a502de0b81",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-10-23T15:39:33.000Z",
|
||
|
"modified": "2017-10-23T15:39:33.000Z",
|
||
|
"first_observed": "2017-10-23T15:39:33Z",
|
||
|
"last_observed": "2017-10-23T15:39:33Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--59ee0d35-a670-4120-b5d3-43a502de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--59ee0d35-a670-4120-b5d3-43a502de0b81",
|
||
|
"value": "https://www.virustotal.com/file/24888615662135054bb9a28d50ae2c0f6711975ba5251f0862ecc8b95b2512de/analysis/1506596589/"
|
||
|
},
|
||
|
{
|
||
|
"type": "marking-definition",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
||
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
"definition_type": "tlp",
|
||
|
"name": "TLP:WHITE",
|
||
|
"definition": {
|
||
|
"tlp": "white"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}
|