|
{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--59f87123-2624-486b-92c9-4f14950d210f",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-09T15:33:57.000Z",
|
||
|
"modified": "2017-11-09T15:33:57.000Z",
|
||
|
"name": "CIRCL",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--59f87123-2624-486b-92c9-4f14950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-09T15:33:57.000Z",
|
||
|
"modified": "2017-11-09T15:33:57.000Z",
|
||
|
"name": "M2M - Locky Affid=3, \".asasin\"/Trickbot \"mac1\" 2017-10-31 : \"Invoice INV0000123\" - \"INV0000123.doc\"",
|
||
|
"published": "2017-11-09T15:34:41Z",
|
||
|
"object_refs": [
|
||
|
"indicator--59f87124-b2cc-44c7-bbb2-4092950d210f",
|
||
|
"indicator--59f87124-f2d0-4ffb-b750-411d950d210f",
|
||
|
"indicator--59f87124-e0c0-4263-8f2b-4200950d210f",
|
||
|
"indicator--59f87125-021c-4494-b94e-4f3e950d210f",
|
||
|
"indicator--59f87125-b548-4ff1-88e2-47ac950d210f",
|
||
|
"observed-data--59f87125-3ff8-4a35-b794-4bc3950d210f",
|
||
|
"network-traffic--59f87125-3ff8-4a35-b794-4bc3950d210f",
|
||
|
"ipv4-addr--59f87125-3ff8-4a35-b794-4bc3950d210f",
|
||
|
"indicator--59f87125-d35c-467c-83b0-4039950d210f",
|
||
|
"indicator--59f87125-79b8-4447-9337-4caa950d210f",
|
||
|
"observed-data--59f87126-d768-4de0-b5d2-4c15950d210f",
|
||
|
"network-traffic--59f87126-d768-4de0-b5d2-4c15950d210f",
|
||
|
"ipv4-addr--59f87126-d768-4de0-b5d2-4c15950d210f",
|
||
|
"indicator--59f87126-821c-4f45-b217-4499950d210f",
|
||
|
"indicator--59f87126-4e68-482c-938a-4654950d210f",
|
||
|
"observed-data--59f87126-b338-43b5-8597-4bbd950d210f",
|
||
|
"network-traffic--59f87126-b338-43b5-8597-4bbd950d210f",
|
||
|
"ipv4-addr--59f87126-b338-43b5-8597-4bbd950d210f",
|
||
|
"indicator--59f87127-b2c8-444e-803e-47f6950d210f",
|
||
|
"indicator--59f87127-eb3c-483a-9321-47cd950d210f",
|
||
|
"observed-data--59f87127-856c-4091-bfe4-431e950d210f",
|
||
|
"network-traffic--59f87127-856c-4091-bfe4-431e950d210f",
|
||
|
"ipv4-addr--59f87127-856c-4091-bfe4-431e950d210f",
|
||
|
"indicator--59f87127-4b38-41a9-b74c-4581950d210f",
|
||
|
"indicator--59f87128-4560-41b4-8996-4657950d210f",
|
||
|
"observed-data--59f87128-2080-42bb-b8cd-41ec950d210f",
|
||
|
"network-traffic--59f87128-2080-42bb-b8cd-41ec950d210f",
|
||
|
"ipv4-addr--59f87128-2080-42bb-b8cd-41ec950d210f",
|
||
|
"indicator--59f87128-f1d0-4877-a57b-4afd950d210f",
|
||
|
"indicator--59f87128-6630-488d-8671-40e2950d210f",
|
||
|
"observed-data--59f87129-5114-40c2-9be1-4282950d210f",
|
||
|
"network-traffic--59f87129-5114-40c2-9be1-4282950d210f",
|
||
|
"ipv4-addr--59f87129-5114-40c2-9be1-4282950d210f",
|
||
|
"indicator--59f87129-54e0-4bc2-9d7a-4059950d210f",
|
||
|
"indicator--59f87129-e024-4779-883c-4510950d210f",
|
||
|
"observed-data--59f8712a-1134-4ab7-acd7-429f950d210f",
|
||
|
"network-traffic--59f8712a-1134-4ab7-acd7-429f950d210f",
|
||
|
"ipv4-addr--59f8712a-1134-4ab7-acd7-429f950d210f",
|
||
|
"indicator--59f8712a-7ef8-46ea-8a42-4404950d210f",
|
||
|
"indicator--59f8712a-3700-4375-93ea-4039950d210f",
|
||
|
"observed-data--59f8712b-ef4c-481c-9630-4972950d210f",
|
||
|
"network-traffic--59f8712b-ef4c-481c-9630-4972950d210f",
|
||
|
"ipv4-addr--59f8712b-ef4c-481c-9630-4972950d210f",
|
||
|
"indicator--59f8712b-c1b8-4210-a57e-4c5a950d210f",
|
||
|
"indicator--59f8712c-c984-41a0-94e5-4409950d210f",
|
||
|
"observed-data--59f8712c-50b4-49d5-b63b-4925950d210f",
|
||
|
"network-traffic--59f8712c-50b4-49d5-b63b-4925950d210f",
|
||
|
"ipv4-addr--59f8712c-50b4-49d5-b63b-4925950d210f",
|
||
|
"indicator--59f8712c-3040-49eb-8bc3-41de950d210f",
|
||
|
"indicator--59f8712c-8910-4767-a196-4d97950d210f",
|
||
|
"observed-data--59f8712d-8d10-48a8-ac9d-4330950d210f",
|
||
|
"network-traffic--59f8712d-8d10-48a8-ac9d-4330950d210f",
|
||
|
"ipv4-addr--59f8712d-8d10-48a8-ac9d-4330950d210f",
|
||
|
"indicator--59f8712d-5c84-49fa-8d9e-4a01950d210f",
|
||
|
"indicator--59f8712d-d5f4-4a82-86b7-4894950d210f",
|
||
|
"indicator--59f8714b-c2f8-40ec-98f7-4de9950d210f",
|
||
|
"indicator--59f8714c-1ae4-4fb1-bb33-4039950d210f",
|
||
|
"observed-data--59f8714c-24bc-4e7b-b3ad-49ef950d210f",
|
||
|
"network-traffic--59f8714c-24bc-4e7b-b3ad-49ef950d210f",
|
||
|
"ipv4-addr--59f8714c-24bc-4e7b-b3ad-49ef950d210f",
|
||
|
"indicator--59f8714c-07b0-4118-98c0-4e41950d210f",
|
||
|
"indicator--59f8714d-9288-4422-b1c9-468e950d210f",
|
||
|
"observed-data--59f8714d-b6dc-49ed-b0c3-4657950d210f",
|
||
|
"network-traffic--59f8714d-b6dc-49ed-b0c3-4657950d210f",
|
||
|
"ipv4-addr--59f8714d-b6dc-49ed-b0c3-4657950d210f",
|
||
|
"observed-data--59f8714d-2c10-4d3d-938e-47a1950d210f",
|
||
|
"network-traffic--59f8714d-2c10-4d3d-938e-47a1950d210f",
|
||
|
"ipv4-addr--59f8714d-2c10-4d3d-938e-47a1950d210f",
|
||
|
"observed-data--59f8714d-208c-4673-849e-40af950d210f",
|
||
|
"network-traffic--59f8714d-208c-4673-849e-40af950d210f",
|
||
|
"ipv4-addr--59f8714d-208c-4673-849e-40af950d210f",
|
||
|
"observed-data--59f8714e-6aec-4a17-915e-435d950d210f",
|
||
|
"network-traffic--59f8714e-6aec-4a17-915e-435d950d210f",
|
||
|
"ipv4-addr--59f8714e-6aec-4a17-915e-435d950d210f",
|
||
|
"observed-data--59f8714e-933c-46d7-8a8d-4d16950d210f",
|
||
|
"network-traffic--59f8714e-933c-46d7-8a8d-4d16950d210f",
|
||
|
"ipv4-addr--59f8714e-933c-46d7-8a8d-4d16950d210f",
|
||
|
"observed-data--59f8714e-d304-4a22-87f3-4a58950d210f",
|
||
|
"network-traffic--59f8714e-d304-4a22-87f3-4a58950d210f",
|
||
|
"ipv4-addr--59f8714e-d304-4a22-87f3-4a58950d210f",
|
||
|
"observed-data--59f8714f-3c7c-4762-a078-49c9950d210f",
|
||
|
"network-traffic--59f8714f-3c7c-4762-a078-49c9950d210f",
|
||
|
"ipv4-addr--59f8714f-3c7c-4762-a078-49c9950d210f",
|
||
|
"observed-data--59f8714f-ec74-4d31-839c-4c1e950d210f",
|
||
|
"network-traffic--59f8714f-ec74-4d31-839c-4c1e950d210f",
|
||
|
"ipv4-addr--59f8714f-ec74-4d31-839c-4c1e950d210f",
|
||
|
"observed-data--59f87150-7be4-4e16-9d48-45c4950d210f",
|
||
|
"network-traffic--59f87150-7be4-4e16-9d48-45c4950d210f",
|
||
|
"ipv4-addr--59f87150-7be4-4e16-9d48-45c4950d210f",
|
||
|
"observed-data--59f87150-97e8-4679-959a-4650950d210f",
|
||
|
"network-traffic--59f87150-97e8-4679-959a-4650950d210f",
|
||
|
"ipv4-addr--59f87150-97e8-4679-959a-4650950d210f",
|
||
|
"observed-data--59f87150-65fc-405f-8a78-4122950d210f",
|
||
|
"network-traffic--59f87150-65fc-405f-8a78-4122950d210f",
|
||
|
"ipv4-addr--59f87150-65fc-405f-8a78-4122950d210f",
|
||
|
"observed-data--59f87150-d200-4460-89a9-4bdb950d210f",
|
||
|
"network-traffic--59f87150-d200-4460-89a9-4bdb950d210f",
|
||
|
"ipv4-addr--59f87150-d200-4460-89a9-4bdb950d210f",
|
||
|
"observed-data--59f87151-a3d4-4ead-9b2e-48b2950d210f",
|
||
|
"network-traffic--59f87151-a3d4-4ead-9b2e-48b2950d210f",
|
||
|
"ipv4-addr--59f87151-a3d4-4ead-9b2e-48b2950d210f",
|
||
|
"observed-data--59f87152-1cac-4e3a-9fbb-4372950d210f",
|
||
|
"network-traffic--59f87152-1cac-4e3a-9fbb-4372950d210f",
|
||
|
"ipv4-addr--59f87152-1cac-4e3a-9fbb-4372950d210f",
|
||
|
"observed-data--59f87152-22dc-4901-8785-4c5c950d210f",
|
||
|
"network-traffic--59f87152-22dc-4901-8785-4c5c950d210f",
|
||
|
"ipv4-addr--59f87152-22dc-4901-8785-4c5c950d210f",
|
||
|
"observed-data--59f87152-5764-4606-b6ef-4039950d210f",
|
||
|
"network-traffic--59f87152-5764-4606-b6ef-4039950d210f",
|
||
|
"ipv4-addr--59f87152-5764-4606-b6ef-4039950d210f",
|
||
|
"observed-data--59f87152-9b78-451b-bfa3-4821950d210f",
|
||
|
"network-traffic--59f87152-9b78-451b-bfa3-4821950d210f",
|
||
|
"ipv4-addr--59f87152-9b78-451b-bfa3-4821950d210f",
|
||
|
"observed-data--59f87153-ba3c-483c-9839-4098950d210f",
|
||
|
"network-traffic--59f87153-ba3c-483c-9839-4098950d210f",
|
||
|
"ipv4-addr--59f87153-ba3c-483c-9839-4098950d210f",
|
||
|
"observed-data--59f87153-2e0c-4202-9a61-4657950d210f",
|
||
|
"network-traffic--59f87153-2e0c-4202-9a61-4657950d210f",
|
||
|
"ipv4-addr--59f87153-2e0c-4202-9a61-4657950d210f",
|
||
|
"observed-data--59f87153-7ffc-489f-a123-4378950d210f",
|
||
|
"network-traffic--59f87153-7ffc-489f-a123-4378950d210f",
|
||
|
"ipv4-addr--59f87153-7ffc-489f-a123-4378950d210f",
|
||
|
"observed-data--59f87153-2e7c-4189-95c3-4fa6950d210f",
|
||
|
"network-traffic--59f87153-2e7c-4189-95c3-4fa6950d210f",
|
||
|
"ipv4-addr--59f87153-2e7c-4189-95c3-4fa6950d210f",
|
||
|
"observed-data--59f87154-5ec0-4445-ae49-4198950d210f",
|
||
|
"network-traffic--59f87154-5ec0-4445-ae49-4198950d210f",
|
||
|
"ipv4-addr--59f87154-5ec0-4445-ae49-4198950d210f",
|
||
|
"observed-data--59f87154-e794-4893-b78e-4c58950d210f",
|
||
|
"network-traffic--59f87154-e794-4893-b78e-4c58950d210f",
|
||
|
"ipv4-addr--59f87154-e794-4893-b78e-4c58950d210f",
|
||
|
"observed-data--59f87154-1554-459a-98c7-4429950d210f",
|
||
|
"network-traffic--59f87154-1554-459a-98c7-4429950d210f",
|
||
|
"ipv4-addr--59f87154-1554-459a-98c7-4429950d210f",
|
||
|
"observed-data--59f87155-58b4-43c8-932f-4248950d210f",
|
||
|
"network-traffic--59f87155-58b4-43c8-932f-4248950d210f",
|
||
|
"ipv4-addr--59f87155-58b4-43c8-932f-4248950d210f",
|
||
|
"observed-data--59f87155-6cac-48a9-8dca-4e5b950d210f",
|
||
|
"network-traffic--59f87155-6cac-48a9-8dca-4e5b950d210f",
|
||
|
"ipv4-addr--59f87155-6cac-48a9-8dca-4e5b950d210f",
|
||
|
"indicator--59fa183c-8a6c-4218-8271-1ad302de0b81",
|
||
|
"indicator--59fa183c-a688-48ed-9d1b-1ad302de0b81",
|
||
|
"observed-data--59fa183d-ac44-48bb-84fc-1ad302de0b81",
|
||
|
"url--59fa183d-ac44-48bb-84fc-1ad302de0b81",
|
||
|
"indicator--59fa183d-8f68-422e-9cc5-1ad302de0b81",
|
||
|
"indicator--59fa183d-fbb4-45e8-b2e4-1ad302de0b81",
|
||
|
"observed-data--59fa183d-8348-4ca4-bbec-1ad302de0b81",
|
||
|
"url--59fa183d-8348-4ca4-bbec-1ad302de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"ecsirt:malicious-code=\"ransomware\"",
|
||
|
"misp-galaxy:ransomware=\"Locky\"",
|
||
|
"misp-galaxy:tool=\"Trick Bot\""
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59f87124-b2cc-44c7-bbb2-4092950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:47.000Z",
|
||
|
"modified": "2017-11-01T18:53:47.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '1916150b3356fe6e6da7ec2e2a78e189']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-01T18:53:47Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59f87124-f2d0-4ffb-b750-411d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:47.000Z",
|
||
|
"modified": "2017-11-01T18:53:47.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'e67b2f58896059cce8c6ff83c5737687']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-01T18:53:47Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59f87124-e0c0-4263-8f2b-4200950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:47.000Z",
|
||
|
"modified": "2017-11-01T18:53:47.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'e1ac6820b8b94ee937d8fe301437609d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-01T18:53:47Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59f87125-021c-4494-b94e-4f3e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:47.000Z",
|
||
|
"modified": "2017-11-01T18:53:47.000Z",
|
||
|
"pattern": "[url:value = 'http://christakranzl.at/eiuhf384']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-01T18:53:47Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59f87125-b548-4ff1-88e2-47ac950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:47.000Z",
|
||
|
"modified": "2017-11-01T18:53:47.000Z",
|
||
|
"pattern": "[domain-name:value = 'christakranzl.at']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-01T18:53:47Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59f87125-3ff8-4a35-b794-4bc3950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:47.000Z",
|
||
|
"modified": "2017-11-01T18:53:47.000Z",
|
||
|
"first_observed": "2017-11-01T18:53:47Z",
|
||
|
"last_observed": "2017-11-01T18:53:47Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59f87125-3ff8-4a35-b794-4bc3950d210f",
|
||
|
"ipv4-addr--59f87125-3ff8-4a35-b794-4bc3950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59f87125-3ff8-4a35-b794-4bc3950d210f",
|
||
|
"dst_ref": "ipv4-addr--59f87125-3ff8-4a35-b794-4bc3950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59f87125-3ff8-4a35-b794-4bc3950d210f",
|
||
|
"value": "88.198.9.176"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59f87125-d35c-467c-83b0-4039950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"pattern": "[url:value = 'http://cornertape.net/eiuhf384']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-01T18:53:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59f87125-79b8-4447-9337-4caa950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"pattern": "[domain-name:value = 'cornertape.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-01T18:53:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59f87126-d768-4de0-b5d2-4c15950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"first_observed": "2017-11-01T18:53:48Z",
|
||
|
"last_observed": "2017-11-01T18:53:48Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59f87126-d768-4de0-b5d2-4c15950d210f",
|
||
|
"ipv4-addr--59f87126-d768-4de0-b5d2-4c15950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59f87126-d768-4de0-b5d2-4c15950d210f",
|
||
|
"dst_ref": "ipv4-addr--59f87126-d768-4de0-b5d2-4c15950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59f87126-d768-4de0-b5d2-4c15950d210f",
|
||
|
"value": "62.50.188.17"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59f87126-821c-4f45-b217-4499950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"pattern": "[url:value = 'http://claridge-holdings.com/eiuhf384']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-01T18:53:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59f87126-4e68-482c-938a-4654950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"pattern": "[domain-name:value = 'claridge-holdings.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-01T18:53:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59f87126-b338-43b5-8597-4bbd950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"first_observed": "2017-11-01T18:53:48Z",
|
||
|
"last_observed": "2017-11-01T18:53:48Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59f87126-b338-43b5-8597-4bbd950d210f",
|
||
|
"ipv4-addr--59f87126-b338-43b5-8597-4bbd950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59f87126-b338-43b5-8597-4bbd950d210f",
|
||
|
"dst_ref": "ipv4-addr--59f87126-b338-43b5-8597-4bbd950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59f87126-b338-43b5-8597-4bbd950d210f",
|
||
|
"value": "202.160.120.194"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59f87127-b2c8-444e-803e-47f6950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"pattern": "[url:value = 'http://dvprojekt.hr/eiuhf384']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-01T18:53:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59f87127-eb3c-483a-9321-47cd950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"pattern": "[domain-name:value = 'dvprojekt.hr']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-01T18:53:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59f87127-856c-4091-bfe4-431e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"first_observed": "2017-11-01T18:53:48Z",
|
||
|
"last_observed": "2017-11-01T18:53:48Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59f87127-856c-4091-bfe4-431e950d210f",
|
||
|
"ipv4-addr--59f87127-856c-4091-bfe4-431e950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59f87127-856c-4091-bfe4-431e950d210f",
|
||
|
"dst_ref": "ipv4-addr--59f87127-856c-4091-bfe4-431e950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59f87127-856c-4091-bfe4-431e950d210f",
|
||
|
"value": "213.202.100.90"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59f87127-4b38-41a9-b74c-4581950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"pattern": "[url:value = 'http://projex-dz.com/i8745fydd']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-01T18:53:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59f87128-4560-41b4-8996-4657950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"pattern": "[domain-name:value = 'projex-dz.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-01T18:53:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59f87128-2080-42bb-b8cd-41ec950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"first_observed": "2017-11-01T18:53:48Z",
|
||
|
"last_observed": "2017-11-01T18:53:48Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59f87128-2080-42bb-b8cd-41ec950d210f",
|
||
|
"ipv4-addr--59f87128-2080-42bb-b8cd-41ec950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59f87128-2080-42bb-b8cd-41ec950d210f",
|
||
|
"dst_ref": "ipv4-addr--59f87128-2080-42bb-b8cd-41ec950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59f87128-2080-42bb-b8cd-41ec950d210f",
|
||
|
"value": "5.196.81.12"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59f87128-f1d0-4877-a57b-4afd950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"pattern": "[url:value = 'http://celebrityonline.cz/i8745fydd']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-01T18:53:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59f87128-6630-488d-8671-40e2950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"pattern": "[domain-name:value = 'celebrityonline.cz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-01T18:53:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59f87129-5114-40c2-9be1-4282950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"first_observed": "2017-11-01T18:53:48Z",
|
||
|
"last_observed": "2017-11-01T18:53:48Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59f87129-5114-40c2-9be1-4282950d210f",
|
||
|
"ipv4-addr--59f87129-5114-40c2-9be1-4282950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59f87129-5114-40c2-9be1-4282950d210f",
|
||
|
"dst_ref": "ipv4-addr--59f87129-5114-40c2-9be1-4282950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59f87129-5114-40c2-9be1-4282950d210f",
|
||
|
"value": "78.24.8.144"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59f87129-54e0-4bc2-9d7a-4059950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"pattern": "[url:value = 'http://sigmanet.gr/i8745fydd']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-01T18:53:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59f87129-e024-4779-883c-4510950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"pattern": "[domain-name:value = 'sigmanet.gr']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-01T18:53:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59f8712a-1134-4ab7-acd7-429f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"first_observed": "2017-11-01T18:53:48Z",
|
||
|
"last_observed": "2017-11-01T18:53:48Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59f8712a-1134-4ab7-acd7-429f950d210f",
|
||
|
"ipv4-addr--59f8712a-1134-4ab7-acd7-429f950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59f8712a-1134-4ab7-acd7-429f950d210f",
|
||
|
"dst_ref": "ipv4-addr--59f8712a-1134-4ab7-acd7-429f950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59f8712a-1134-4ab7-acd7-429f950d210f",
|
||
|
"value": "185.25.20.13"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59f8712a-7ef8-46ea-8a42-4404950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"pattern": "[url:value = 'http://apply.pam-innovation.com/i8745fydd']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-01T18:53:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59f8712a-3700-4375-93ea-4039950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"pattern": "[domain-name:value = 'apply.pam-innovation.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-01T18:53:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59f8712b-ef4c-481c-9630-4972950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"first_observed": "2017-11-01T18:53:48Z",
|
||
|
"last_observed": "2017-11-01T18:53:48Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59f8712b-ef4c-481c-9630-4972950d210f",
|
||
|
"ipv4-addr--59f8712b-ef4c-481c-9630-4972950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59f8712b-ef4c-481c-9630-4972950d210f",
|
||
|
"dst_ref": "ipv4-addr--59f8712b-ef4c-481c-9630-4972950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59f8712b-ef4c-481c-9630-4972950d210f",
|
||
|
"value": "202.129.207.71"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59f8712b-c1b8-4210-a57e-4c5a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"pattern": "[url:value = 'http://bwos.be/i8745fydd']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-01T18:53:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59f8712c-c984-41a0-94e5-4409950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"pattern": "[domain-name:value = 'bwos.be']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-01T18:53:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59f8712c-50b4-49d5-b63b-4925950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"first_observed": "2017-11-01T18:53:48Z",
|
||
|
"last_observed": "2017-11-01T18:53:48Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59f8712c-50b4-49d5-b63b-4925950d210f",
|
||
|
"ipv4-addr--59f8712c-50b4-49d5-b63b-4925950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59f8712c-50b4-49d5-b63b-4925950d210f",
|
||
|
"dst_ref": "ipv4-addr--59f8712c-50b4-49d5-b63b-4925950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59f8712c-50b4-49d5-b63b-4925950d210f",
|
||
|
"value": "91.121.34.121"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59f8712c-3040-49eb-8bc3-41de950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"pattern": "[url:value = 'http://zahntechnik-imlau.de/i8745fydd']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-01T18:53:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59f8712c-8910-4767-a196-4d97950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"pattern": "[domain-name:value = 'zahntechnik-imlau.de']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-01T18:53:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59f8712d-8d10-48a8-ac9d-4330950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"first_observed": "2017-11-01T18:53:48Z",
|
||
|
"last_observed": "2017-11-01T18:53:48Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59f8712d-8d10-48a8-ac9d-4330950d210f",
|
||
|
"ipv4-addr--59f8712d-8d10-48a8-ac9d-4330950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59f8712d-8d10-48a8-ac9d-4330950d210f",
|
||
|
"dst_ref": "ipv4-addr--59f8712d-8d10-48a8-ac9d-4330950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59f8712d-8d10-48a8-ac9d-4330950d210f",
|
||
|
"value": "185.138.24.185"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59f8712d-5c84-49fa-8d9e-4a01950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"pattern": "[url:value = 'http://fetchstats.net/']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-01T18:53:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59f8712d-d5f4-4a82-86b7-4894950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"pattern": "[domain-name:value = 'fetchstats.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-01T18:53:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59f8714b-c2f8-40ec-98f7-4de9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"pattern": "[url:value = 'http://kengray.com/iudsfy7834']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-01T18:53:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59f8714c-1ae4-4fb1-bb33-4039950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"pattern": "[domain-name:value = 'kengray.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-01T18:53:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59f8714c-24bc-4e7b-b3ad-49ef950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"first_observed": "2017-11-01T18:53:48Z",
|
||
|
"last_observed": "2017-11-01T18:53:48Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59f8714c-24bc-4e7b-b3ad-49ef950d210f",
|
||
|
"ipv4-addr--59f8714c-24bc-4e7b-b3ad-49ef950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59f8714c-24bc-4e7b-b3ad-49ef950d210f",
|
||
|
"dst_ref": "ipv4-addr--59f8714c-24bc-4e7b-b3ad-49ef950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59f8714c-24bc-4e7b-b3ad-49ef950d210f",
|
||
|
"value": "209.239.114.217"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59f8714c-07b0-4118-98c0-4e41950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"pattern": "[url:value = 'http://hobbystube.net/dkjshfg643']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-01T18:53:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59f8714d-9288-4422-b1c9-468e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"pattern": "[domain-name:value = 'hobbystube.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-01T18:53:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59f8714d-b6dc-49ed-b0c3-4657950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"first_observed": "2017-11-01T18:53:48Z",
|
||
|
"last_observed": "2017-11-01T18:53:48Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59f8714d-b6dc-49ed-b0c3-4657950d210f",
|
||
|
"ipv4-addr--59f8714d-b6dc-49ed-b0c3-4657950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59f8714d-b6dc-49ed-b0c3-4657950d210f",
|
||
|
"dst_ref": "ipv4-addr--59f8714d-b6dc-49ed-b0c3-4657950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59f8714d-b6dc-49ed-b0c3-4657950d210f",
|
||
|
"value": "83.220.128.111"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59f8714d-2c10-4d3d-938e-47a1950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"first_observed": "2017-11-01T18:53:48Z",
|
||
|
"last_observed": "2017-11-01T18:53:48Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59f8714d-2c10-4d3d-938e-47a1950d210f",
|
||
|
"ipv4-addr--59f8714d-2c10-4d3d-938e-47a1950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59f8714d-2c10-4d3d-938e-47a1950d210f",
|
||
|
"dst_ref": "ipv4-addr--59f8714d-2c10-4d3d-938e-47a1950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59f8714d-2c10-4d3d-938e-47a1950d210f",
|
||
|
"value": "176.120.126.21"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59f8714d-208c-4673-849e-40af950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"first_observed": "2017-11-01T18:53:48Z",
|
||
|
"last_observed": "2017-11-01T18:53:48Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59f8714d-208c-4673-849e-40af950d210f",
|
||
|
"ipv4-addr--59f8714d-208c-4673-849e-40af950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59f8714d-208c-4673-849e-40af950d210f",
|
||
|
"dst_ref": "ipv4-addr--59f8714d-208c-4673-849e-40af950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59f8714d-208c-4673-849e-40af950d210f",
|
||
|
"value": "156.17.92.161"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59f8714e-6aec-4a17-915e-435d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"first_observed": "2017-11-01T18:53:48Z",
|
||
|
"last_observed": "2017-11-01T18:53:48Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59f8714e-6aec-4a17-915e-435d950d210f",
|
||
|
"ipv4-addr--59f8714e-6aec-4a17-915e-435d950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59f8714e-6aec-4a17-915e-435d950d210f",
|
||
|
"dst_ref": "ipv4-addr--59f8714e-6aec-4a17-915e-435d950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59f8714e-6aec-4a17-915e-435d950d210f",
|
||
|
"value": "187.191.0.42"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59f8714e-933c-46d7-8a8d-4d16950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"first_observed": "2017-11-01T18:53:48Z",
|
||
|
"last_observed": "2017-11-01T18:53:48Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59f8714e-933c-46d7-8a8d-4d16950d210f",
|
||
|
"ipv4-addr--59f8714e-933c-46d7-8a8d-4d16950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59f8714e-933c-46d7-8a8d-4d16950d210f",
|
||
|
"dst_ref": "ipv4-addr--59f8714e-933c-46d7-8a8d-4d16950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59f8714e-933c-46d7-8a8d-4d16950d210f",
|
||
|
"value": "181.211.34.154"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59f8714e-d304-4a22-87f3-4a58950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"first_observed": "2017-11-01T18:53:48Z",
|
||
|
"last_observed": "2017-11-01T18:53:48Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59f8714e-d304-4a22-87f3-4a58950d210f",
|
||
|
"ipv4-addr--59f8714e-d304-4a22-87f3-4a58950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59f8714e-d304-4a22-87f3-4a58950d210f",
|
||
|
"dst_ref": "ipv4-addr--59f8714e-d304-4a22-87f3-4a58950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59f8714e-d304-4a22-87f3-4a58950d210f",
|
||
|
"value": "200.117.251.52"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59f8714f-3c7c-4762-a078-49c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"first_observed": "2017-11-01T18:53:48Z",
|
||
|
"last_observed": "2017-11-01T18:53:48Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59f8714f-3c7c-4762-a078-49c9950d210f",
|
||
|
"ipv4-addr--59f8714f-3c7c-4762-a078-49c9950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59f8714f-3c7c-4762-a078-49c9950d210f",
|
||
|
"dst_ref": "ipv4-addr--59f8714f-3c7c-4762-a078-49c9950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59f8714f-3c7c-4762-a078-49c9950d210f",
|
||
|
"value": "78.24.217.88"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59f8714f-ec74-4d31-839c-4c1e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"first_observed": "2017-11-01T18:53:48Z",
|
||
|
"last_observed": "2017-11-01T18:53:48Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59f8714f-ec74-4d31-839c-4c1e950d210f",
|
||
|
"ipv4-addr--59f8714f-ec74-4d31-839c-4c1e950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59f8714f-ec74-4d31-839c-4c1e950d210f",
|
||
|
"dst_ref": "ipv4-addr--59f8714f-ec74-4d31-839c-4c1e950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59f8714f-ec74-4d31-839c-4c1e950d210f",
|
||
|
"value": "62.109.1.68"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59f87150-7be4-4e16-9d48-45c4950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"first_observed": "2017-11-01T18:53:48Z",
|
||
|
"last_observed": "2017-11-01T18:53:48Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59f87150-7be4-4e16-9d48-45c4950d210f",
|
||
|
"ipv4-addr--59f87150-7be4-4e16-9d48-45c4950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59f87150-7be4-4e16-9d48-45c4950d210f",
|
||
|
"dst_ref": "ipv4-addr--59f87150-7be4-4e16-9d48-45c4950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59f87150-7be4-4e16-9d48-45c4950d210f",
|
||
|
"value": "195.133.147.74"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59f87150-97e8-4679-959a-4650950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"first_observed": "2017-11-01T18:53:48Z",
|
||
|
"last_observed": "2017-11-01T18:53:48Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59f87150-97e8-4679-959a-4650950d210f",
|
||
|
"ipv4-addr--59f87150-97e8-4679-959a-4650950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59f87150-97e8-4679-959a-4650950d210f",
|
||
|
"dst_ref": "ipv4-addr--59f87150-97e8-4679-959a-4650950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59f87150-97e8-4679-959a-4650950d210f",
|
||
|
"value": "195.133.146.117"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59f87150-65fc-405f-8a78-4122950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"first_observed": "2017-11-01T18:53:48Z",
|
||
|
"last_observed": "2017-11-01T18:53:48Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59f87150-65fc-405f-8a78-4122950d210f",
|
||
|
"ipv4-addr--59f87150-65fc-405f-8a78-4122950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59f87150-65fc-405f-8a78-4122950d210f",
|
||
|
"dst_ref": "ipv4-addr--59f87150-65fc-405f-8a78-4122950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59f87150-65fc-405f-8a78-4122950d210f",
|
||
|
"value": "195.133.146.122"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59f87150-d200-4460-89a9-4bdb950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"first_observed": "2017-11-01T18:53:48Z",
|
||
|
"last_observed": "2017-11-01T18:53:48Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59f87150-d200-4460-89a9-4bdb950d210f",
|
||
|
"ipv4-addr--59f87150-d200-4460-89a9-4bdb950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59f87150-d200-4460-89a9-4bdb950d210f",
|
||
|
"dst_ref": "ipv4-addr--59f87150-d200-4460-89a9-4bdb950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59f87150-d200-4460-89a9-4bdb950d210f",
|
||
|
"value": "78.24.222.226"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59f87151-a3d4-4ead-9b2e-48b2950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"first_observed": "2017-11-01T18:53:48Z",
|
||
|
"last_observed": "2017-11-01T18:53:48Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59f87151-a3d4-4ead-9b2e-48b2950d210f",
|
||
|
"ipv4-addr--59f87151-a3d4-4ead-9b2e-48b2950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59f87151-a3d4-4ead-9b2e-48b2950d210f",
|
||
|
"dst_ref": "ipv4-addr--59f87151-a3d4-4ead-9b2e-48b2950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59f87151-a3d4-4ead-9b2e-48b2950d210f",
|
||
|
"value": "95.213.252.23"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59f87152-1cac-4e3a-9fbb-4372950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"first_observed": "2017-11-01T18:53:48Z",
|
||
|
"last_observed": "2017-11-01T18:53:48Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59f87152-1cac-4e3a-9fbb-4372950d210f",
|
||
|
"ipv4-addr--59f87152-1cac-4e3a-9fbb-4372950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59f87152-1cac-4e3a-9fbb-4372950d210f",
|
||
|
"dst_ref": "ipv4-addr--59f87152-1cac-4e3a-9fbb-4372950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59f87152-1cac-4e3a-9fbb-4372950d210f",
|
||
|
"value": "95.213.251.95"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59f87152-22dc-4901-8785-4c5c950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"first_observed": "2017-11-01T18:53:48Z",
|
||
|
"last_observed": "2017-11-01T18:53:48Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59f87152-22dc-4901-8785-4c5c950d210f",
|
||
|
"ipv4-addr--59f87152-22dc-4901-8785-4c5c950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59f87152-22dc-4901-8785-4c5c950d210f",
|
||
|
"dst_ref": "ipv4-addr--59f87152-22dc-4901-8785-4c5c950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59f87152-22dc-4901-8785-4c5c950d210f",
|
||
|
"value": "194.87.93.55"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59f87152-5764-4606-b6ef-4039950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-01T18:53:48.000Z",
|
||
|
"modified": "2017-11-01T18:53:48.000Z",
|
||
|
"first_observed": "2017-11-01T18:53:48Z",
|
||
|
"last_observed": "2017-11-01T18:53:48Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59f87152-5764-4606-b6ef-4039950d210f",
|
||
|
"ipv4-addr--59f87152-5764-4606-b6ef-4039950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59f87152-5764-4606-b6ef-4039950d210f",
|
||
|
"dst_ref": "ipv4-addr--59f87152-5764-4606-b6ef-4039950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59f87152-5764-4606-b6ef-4039950d210f",
|
||
|
"value": "62.109.8.186"
|
||
|
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f87152-9b78-451b-bfa3-4821950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-01T18:53:48.000Z",
"modified": "2017-11-01T18:53:48.000Z",
"first_observed": "2017-11-01T18:53:48Z",
"last_observed": "2017-11-01T18:53:48Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59f87152-9b78-451b-bfa3-4821950d210f",
"ipv4-addr--59f87152-9b78-451b-bfa3-4821950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59f87152-9b78-451b-bfa3-4821950d210f",
"dst_ref": "ipv4-addr--59f87152-9b78-451b-bfa3-4821950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59f87152-9b78-451b-bfa3-4821950d210f",
"value": "188.120.246.189"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f87153-ba3c-483c-9839-4098950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-01T18:53:48.000Z",
"modified": "2017-11-01T18:53:48.000Z",
"first_observed": "2017-11-01T18:53:48Z",
"last_observed": "2017-11-01T18:53:48Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59f87153-ba3c-483c-9839-4098950d210f",
"ipv4-addr--59f87153-ba3c-483c-9839-4098950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59f87153-ba3c-483c-9839-4098950d210f",
"dst_ref": "ipv4-addr--59f87153-ba3c-483c-9839-4098950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59f87153-ba3c-483c-9839-4098950d210f",
"value": "194.87.98.249"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f87153-2e0c-4202-9a61-4657950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-01T18:53:48.000Z",
"modified": "2017-11-01T18:53:48.000Z",
"first_observed": "2017-11-01T18:53:48Z",
"last_observed": "2017-11-01T18:53:48Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59f87153-2e0c-4202-9a61-4657950d210f",
"ipv4-addr--59f87153-2e0c-4202-9a61-4657950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59f87153-2e0c-4202-9a61-4657950d210f",
"dst_ref": "ipv4-addr--59f87153-2e0c-4202-9a61-4657950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59f87153-2e0c-4202-9a61-4657950d210f",
"value": "95.213.195.174"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f87153-7ffc-489f-a123-4378950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-01T18:53:48.000Z",
"modified": "2017-11-01T18:53:48.000Z",
"first_observed": "2017-11-01T18:53:48Z",
"last_observed": "2017-11-01T18:53:48Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59f87153-7ffc-489f-a123-4378950d210f",
"ipv4-addr--59f87153-7ffc-489f-a123-4378950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59f87153-7ffc-489f-a123-4378950d210f",
"dst_ref": "ipv4-addr--59f87153-7ffc-489f-a123-4378950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59f87153-7ffc-489f-a123-4378950d210f",
"value": "185.143.173.244"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f87153-2e7c-4189-95c3-4fa6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-01T18:53:48.000Z",
"modified": "2017-11-01T18:53:48.000Z",
"first_observed": "2017-11-01T18:53:48Z",
"last_observed": "2017-11-01T18:53:48Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59f87153-2e7c-4189-95c3-4fa6950d210f",
"ipv4-addr--59f87153-2e7c-4189-95c3-4fa6950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59f87153-2e7c-4189-95c3-4fa6950d210f",
"dst_ref": "ipv4-addr--59f87153-2e7c-4189-95c3-4fa6950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59f87153-2e7c-4189-95c3-4fa6950d210f",
"value": "194.87.110.113"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f87154-5ec0-4445-ae49-4198950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-01T18:53:48.000Z",
"modified": "2017-11-01T18:53:48.000Z",
"first_observed": "2017-11-01T18:53:48Z",
"last_observed": "2017-11-01T18:53:48Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59f87154-5ec0-4445-ae49-4198950d210f",
"ipv4-addr--59f87154-5ec0-4445-ae49-4198950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59f87154-5ec0-4445-ae49-4198950d210f",
"dst_ref": "ipv4-addr--59f87154-5ec0-4445-ae49-4198950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59f87154-5ec0-4445-ae49-4198950d210f",
"value": "179.43.147.241"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f87154-e794-4893-b78e-4c58950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-01T18:53:48.000Z",
"modified": "2017-11-01T18:53:48.000Z",
"first_observed": "2017-11-01T18:53:48Z",
"last_observed": "2017-11-01T18:53:48Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59f87154-e794-4893-b78e-4c58950d210f",
"ipv4-addr--59f87154-e794-4893-b78e-4c58950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59f87154-e794-4893-b78e-4c58950d210f",
"dst_ref": "ipv4-addr--59f87154-e794-4893-b78e-4c58950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59f87154-e794-4893-b78e-4c58950d210f",
"value": "82.146.43.178"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f87154-1554-459a-98c7-4429950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-01T18:53:48.000Z",
"modified": "2017-11-01T18:53:48.000Z",
"first_observed": "2017-11-01T18:53:48Z",
"last_observed": "2017-11-01T18:53:48Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59f87154-1554-459a-98c7-4429950d210f",
"ipv4-addr--59f87154-1554-459a-98c7-4429950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59f87154-1554-459a-98c7-4429950d210f",
"dst_ref": "ipv4-addr--59f87154-1554-459a-98c7-4429950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59f87154-1554-459a-98c7-4429950d210f",
"value": "185.158.114.114"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f87155-58b4-43c8-932f-4248950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-01T18:53:48.000Z",
"modified": "2017-11-01T18:53:48.000Z",
"first_observed": "2017-11-01T18:53:48Z",
"last_observed": "2017-11-01T18:53:48Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59f87155-58b4-43c8-932f-4248950d210f",
"ipv4-addr--59f87155-58b4-43c8-932f-4248950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59f87155-58b4-43c8-932f-4248950d210f",
"dst_ref": "ipv4-addr--59f87155-58b4-43c8-932f-4248950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59f87155-58b4-43c8-932f-4248950d210f",
"value": "62.109.10.93"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59f87155-6cac-48a9-8dca-4e5b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-01T18:53:48.000Z",
"modified": "2017-11-01T18:53:48.000Z",
"first_observed": "2017-11-01T18:53:48Z",
"last_observed": "2017-11-01T18:53:48Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59f87155-6cac-48a9-8dca-4e5b950d210f",
"ipv4-addr--59f87155-6cac-48a9-8dca-4e5b950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59f87155-6cac-48a9-8dca-4e5b950d210f",
"dst_ref": "ipv4-addr--59f87155-6cac-48a9-8dca-4e5b950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59f87155-6cac-48a9-8dca-4e5b950d210f",
"value": "185.34.52.236"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59fa183c-8a6c-4218-8271-1ad302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-01T18:53:48.000Z",
"modified": "2017-11-01T18:53:48.000Z",
"description": "- Xchecked via VT: e67b2f58896059cce8c6ff83c5737687",
"pattern": "[file:hashes.SHA256 = '9d2ce15fd9112d52fa09c543527ef0b5bf07eb4c07794931c5768e403c167d49']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-01T18:53:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59fa183c-a688-48ed-9d1b-1ad302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-01T18:53:48.000Z",
"modified": "2017-11-01T18:53:48.000Z",
"description": "- Xchecked via VT: e67b2f58896059cce8c6ff83c5737687",
"pattern": "[file:hashes.SHA1 = 'b39d9320806573fdb49f5f9dc0307c4fbcd9c327']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-01T18:53:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59fa183d-ac44-48bb-84fc-1ad302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-01T18:53:48.000Z",
"modified": "2017-11-01T18:53:48.000Z",
"first_observed": "2017-11-01T18:53:48Z",
"last_observed": "2017-11-01T18:53:48Z",
"number_observed": 1,
"object_refs": [
"url--59fa183d-ac44-48bb-84fc-1ad302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59fa183d-ac44-48bb-84fc-1ad302de0b81",
"value": "https://www.virustotal.com/file/9d2ce15fd9112d52fa09c543527ef0b5bf07eb4c07794931c5768e403c167d49/analysis/1509513298/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59fa183d-8f68-422e-9cc5-1ad302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-01T18:53:49.000Z",
"modified": "2017-11-01T18:53:49.000Z",
"description": "- Xchecked via VT: 1916150b3356fe6e6da7ec2e2a78e189",
"pattern": "[file:hashes.SHA256 = 'd97be402740f6a0fc70c90751f499943bf26f7c00791d46432889f1bedf9dbd2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-01T18:53:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59fa183d-fbb4-45e8-b2e4-1ad302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-01T18:53:49.000Z",
"modified": "2017-11-01T18:53:49.000Z",
"description": "- Xchecked via VT: 1916150b3356fe6e6da7ec2e2a78e189",
"pattern": "[file:hashes.SHA1 = '7e8bf6cc4bb2540dce895244347a017565fddbc5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-01T18:53:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59fa183d-8348-4ca4-bbec-1ad302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-01T18:53:49.000Z",
"modified": "2017-11-01T18:53:49.000Z",
"first_observed": "2017-11-01T18:53:49Z",
"last_observed": "2017-11-01T18:53:49Z",
"number_observed": 1,
"object_refs": [
"url--59fa183d-8348-4ca4-bbec-1ad302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59fa183d-8348-4ca4-bbec-1ad302de0b81",
"value": "https://www.virustotal.com/file/d97be402740f6a0fc70c90751f499943bf26f7c00791d46432889f1bedf9dbd2/analysis/1509502196/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}