|
{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--5a04510c-b2d0-467b-97a3-75a9950d210f",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-09T21:07:15.000Z",
|
||
|
"modified": "2017-11-09T21:07:15.000Z",
|
||
|
"name": "CIRCL",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--5a04510c-b2d0-467b-97a3-75a9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-09T21:07:15.000Z",
|
||
|
"modified": "2017-11-09T21:07:15.000Z",
|
||
|
"name": "M2M - Locky 2017-11-06 : Affid=3, \".asasin\" : \"E3S1234567890123 Payment advice\" - \"advice_123456_20171106.doc\"",
|
||
|
"published": "2017-11-09T21:08:03Z",
|
||
|
"object_refs": [
|
||
|
"indicator--5a04510d-6f08-4fcb-9abc-46e9950d210f",
|
||
|
"indicator--5a04510d-85ec-4e5c-9bdd-cdb4950d210f",
|
||
|
"indicator--5a04510e-48d0-4681-9f11-2214950d210f",
|
||
|
"indicator--5a04510e-db8c-48d9-aca7-cda3950d210f",
|
||
|
"indicator--5a04510f-9ca4-463c-ba53-cc6f950d210f",
|
||
|
"indicator--5a04510f-0f10-477f-8ab5-42bf950d210f",
|
||
|
"observed-data--5a04510f-2938-4aa9-81a8-cdab950d210f",
|
||
|
"network-traffic--5a04510f-2938-4aa9-81a8-cdab950d210f",
|
||
|
"ipv4-addr--5a04510f-2938-4aa9-81a8-cdab950d210f",
|
||
|
"indicator--5a04510f-5834-4227-8b16-717b950d210f",
|
||
|
"indicator--5a04510f-1ad0-4c01-9e82-4220950d210f",
|
||
|
"observed-data--5a045110-4374-44ef-8ca7-cdb4950d210f",
|
||
|
"network-traffic--5a045110-4374-44ef-8ca7-cdb4950d210f",
|
||
|
"ipv4-addr--5a045110-4374-44ef-8ca7-cdb4950d210f",
|
||
|
"indicator--5a045110-3dc4-4a5d-a5fb-2214950d210f",
|
||
|
"indicator--5a045110-3fa8-44dd-8070-cda3950d210f",
|
||
|
"observed-data--5a045110-84a0-42e2-8e81-49ea950d210f",
|
||
|
"network-traffic--5a045110-84a0-42e2-8e81-49ea950d210f",
|
||
|
"ipv4-addr--5a045110-84a0-42e2-8e81-49ea950d210f",
|
||
|
"indicator--5a045110-0ec8-43e0-a33c-4b46950d210f",
|
||
|
"indicator--5a045111-c574-43be-88e4-4285950d210f",
|
||
|
"observed-data--5a045111-6edc-4521-8077-cc6f950d210f",
|
||
|
"network-traffic--5a045111-6edc-4521-8077-cc6f950d210f",
|
||
|
"ipv4-addr--5a045111-6edc-4521-8077-cc6f950d210f",
|
||
|
"indicator--5a045111-cea0-42db-8311-48e7950d210f",
|
||
|
"indicator--5a045111-c028-4d9e-833a-cdab950d210f",
|
||
|
"observed-data--5a045111-0bc4-4d02-83cc-20a6950d210f",
|
||
|
"network-traffic--5a045111-0bc4-4d02-83cc-20a6950d210f",
|
||
|
"ipv4-addr--5a045111-0bc4-4d02-83cc-20a6950d210f",
|
||
|
"indicator--5a045112-d638-4a03-9431-4f44950d210f",
|
||
|
"indicator--5a045112-6224-4889-802c-cdb4950d210f",
|
||
|
"observed-data--5a045112-21b8-48b3-9d83-cdb1950d210f",
|
||
|
"network-traffic--5a045112-21b8-48b3-9d83-cdb1950d210f",
|
||
|
"ipv4-addr--5a045112-21b8-48b3-9d83-cdb1950d210f",
|
||
|
"indicator--5a045112-1a60-44cd-bc92-cda3950d210f",
|
||
|
"indicator--5a045113-45a4-4db1-a60e-cd7d950d210f",
|
||
|
"observed-data--5a045113-9e44-49dd-9032-4b57950d210f",
|
||
|
"network-traffic--5a045113-9e44-49dd-9032-4b57950d210f",
|
||
|
"ipv4-addr--5a045113-9e44-49dd-9032-4b57950d210f",
|
||
|
"observed-data--5a045113-6d64-465a-bcb8-75a9950d210f",
|
||
|
"url--5a045113-6d64-465a-bcb8-75a9950d210f",
|
||
|
"observed-data--5a045113-54c0-4ad0-ab03-4756950d210f",
|
||
|
"url--5a045113-54c0-4ad0-ab03-4756950d210f",
|
||
|
"indicator--5a045114-54ec-4dd0-a020-717b950d210f",
|
||
|
"observed-data--5a045114-77fc-40ef-b3be-4c35950d210f",
|
||
|
"network-traffic--5a045114-77fc-40ef-b3be-4c35950d210f",
|
||
|
"ipv4-addr--5a045114-77fc-40ef-b3be-4c35950d210f",
|
||
|
"indicator--5a045114-d8a0-4dcc-8631-44c0950d210f",
|
||
|
"observed-data--5a045115-07c4-4c02-9ba9-2214950d210f",
|
||
|
"network-traffic--5a045115-07c4-4c02-9ba9-2214950d210f",
|
||
|
"ipv4-addr--5a045115-07c4-4c02-9ba9-2214950d210f",
|
||
|
"indicator--5a045115-9904-49a4-898d-cda3950d210f",
|
||
|
"observed-data--5a045115-9484-4c01-8faf-46bd950d210f",
|
||
|
"network-traffic--5a045115-9484-4c01-8faf-46bd950d210f",
|
||
|
"ipv4-addr--5a045115-9484-4c01-8faf-46bd950d210f",
|
||
|
"indicator--5a045115-46d4-4c43-912e-44ec950d210f",
|
||
|
"observed-data--5a045115-44d8-4d7b-9026-75a9950d210f",
|
||
|
"network-traffic--5a045115-44d8-4d7b-9026-75a9950d210f",
|
||
|
"ipv4-addr--5a045115-44d8-4d7b-9026-75a9950d210f",
|
||
|
"indicator--5a045116-36cc-43d5-a62b-cc6f950d210f",
|
||
|
"indicator--5a045116-1dc0-4f67-9b30-4f57950d210f",
|
||
|
"observed-data--5a045116-b2d0-4957-bec5-4e3b950d210f",
|
||
|
"network-traffic--5a045116-b2d0-4957-bec5-4e3b950d210f",
|
||
|
"ipv4-addr--5a045116-b2d0-4957-bec5-4e3b950d210f",
|
||
|
"indicator--5a045116-fc5c-43f5-b9cb-717b950d210f",
|
||
|
"observed-data--5a045117-10d0-47e9-8f94-412e950d210f",
|
||
|
"network-traffic--5a045117-10d0-47e9-8f94-412e950d210f",
|
||
|
"ipv4-addr--5a045117-10d0-47e9-8f94-412e950d210f",
|
||
|
"indicator--5a045117-5bf0-43e7-95cf-4345950d210f",
|
||
|
"observed-data--5a045117-10c4-491a-8e69-2214950d210f",
|
||
|
"network-traffic--5a045117-10c4-491a-8e69-2214950d210f",
|
||
|
"ipv4-addr--5a045117-10c4-491a-8e69-2214950d210f",
|
||
|
"indicator--5a045117-f2cc-4a1f-8dcb-cda3950d210f",
|
||
|
"indicator--5a045137-359c-4477-8abb-20a6950d210f",
|
||
|
"indicator--5a045137-0038-4640-8665-cdb4950d210f",
|
||
|
"indicator--5a045137-75e8-4c38-9d96-4aa0950d210f",
|
||
|
"indicator--5a045138-872c-4a85-9691-cc6f950d210f",
|
||
|
"indicator--5a045138-2ac4-46b6-816b-20a6950d210f",
|
||
|
"indicator--5a045139-ba58-45cf-a34f-444b950d210f",
|
||
|
"indicator--5a045139-6b84-4a74-9c65-448a950d210f",
|
||
|
"indicator--5a04513a-359c-4d35-9f9c-75a9950d210f",
|
||
|
"indicator--5a04513a-a3f4-40a2-b834-20a6950d210f",
|
||
|
"observed-data--5a04c375-1448-4e4d-8820-4b6302de0b81",
|
||
|
"url--5a04c375-1448-4e4d-8820-4b6302de0b81",
|
||
|
"indicator--5a04c375-301c-47df-9482-44b902de0b81",
|
||
|
"indicator--5a04c375-ef78-4d94-849c-407d02de0b81",
|
||
|
"observed-data--5a04c375-005c-4bc3-b01e-44a002de0b81",
|
||
|
"url--5a04c375-005c-4bc3-b01e-44a002de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"ecsirt:malicious-code=\"ransomware\"",
|
||
|
"misp-galaxy:ransomware=\"Locky\""
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a04510d-6f08-4fcb-9abc-46e9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-09T21:07:00.000Z",
|
||
|
"modified": "2017-11-09T21:07:00.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '804156021313adfee00e9406f8de1031']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-09T21:07:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a04510d-85ec-4e5c-9bdd-cdb4950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-09T21:07:00.000Z",
|
||
|
"modified": "2017-11-09T21:07:00.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'deed16eadb1a270dfc54daf84f53aad6']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-09T21:07:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a04510e-48d0-4681-9f11-2214950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-09T21:07:00.000Z",
|
||
|
"modified": "2017-11-09T21:07:00.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = 'd39e97a9ff6dceb4e8430036f43fb187b8a80003']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-09T21:07:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a04510e-db8c-48d9-aca7-cda3950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-09T21:07:00.000Z",
|
||
|
"modified": "2017-11-09T21:07:00.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = '3a5f35fceebf1626dbd11f81bf20656061ab0d1fa100a3fd0aae77edfa859cd5']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-09T21:07:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a04510f-9ca4-463c-ba53-cc6f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-09T21:07:00.000Z",
|
||
|
"modified": "2017-11-09T21:07:00.000Z",
|
||
|
"pattern": "[url:value = 'http://primeassociatesinc.com/12']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-09T21:07:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a04510f-0f10-477f-8ab5-42bf950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-09T21:07:00.000Z",
|
||
|
"modified": "2017-11-09T21:07:00.000Z",
|
||
|
"pattern": "[domain-name:value = 'primeassociatesinc.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-09T21:07:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5a04510f-2938-4aa9-81a8-cdab950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-09T21:07:00.000Z",
|
||
|
"modified": "2017-11-09T21:07:00.000Z",
|
||
|
"first_observed": "2017-11-09T21:07:00Z",
|
||
|
"last_observed": "2017-11-09T21:07:00Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--5a04510f-2938-4aa9-81a8-cdab950d210f",
|
||
|
"ipv4-addr--5a04510f-2938-4aa9-81a8-cdab950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--5a04510f-2938-4aa9-81a8-cdab950d210f",
|
||
|
"dst_ref": "ipv4-addr--5a04510f-2938-4aa9-81a8-cdab950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--5a04510f-2938-4aa9-81a8-cdab950d210f",
|
||
|
"value": "209.54.51.32"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a04510f-5834-4227-8b16-717b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-09T21:07:00.000Z",
|
||
|
"modified": "2017-11-09T21:07:00.000Z",
|
||
|
"pattern": "[url:value = 'http://ro.isuzu.it/12']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-09T21:07:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a04510f-1ad0-4c01-9e82-4220950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-09T21:07:00.000Z",
|
||
|
"modified": "2017-11-09T21:07:00.000Z",
|
||
|
"pattern": "[domain-name:value = 'ro.isuzu.it']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-09T21:07:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5a045110-4374-44ef-8ca7-cdb4950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-09T21:07:00.000Z",
|
||
|
"modified": "2017-11-09T21:07:00.000Z",
|
||
|
"first_observed": "2017-11-09T21:07:00Z",
|
||
|
"last_observed": "2017-11-09T21:07:00Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--5a045110-4374-44ef-8ca7-cdb4950d210f",
|
||
|
"ipv4-addr--5a045110-4374-44ef-8ca7-cdb4950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--5a045110-4374-44ef-8ca7-cdb4950d210f",
|
||
|
"dst_ref": "ipv4-addr--5a045110-4374-44ef-8ca7-cdb4950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--5a045110-4374-44ef-8ca7-cdb4950d210f",
|
||
|
"value": "95.110.189.247"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a045110-3dc4-4a5d-a5fb-2214950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-09T21:07:00.000Z",
|
||
|
"modified": "2017-11-09T21:07:00.000Z",
|
||
|
"pattern": "[url:value = 'http://saranville.com/12']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-09T21:07:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a045110-3fa8-44dd-8070-cda3950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-09T21:07:00.000Z",
|
||
|
"modified": "2017-11-09T21:07:00.000Z",
|
||
|
"pattern": "[domain-name:value = 'saranville.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-09T21:07:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5a045110-84a0-42e2-8e81-49ea950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-09T21:07:00.000Z",
|
||
|
"modified": "2017-11-09T21:07:00.000Z",
|
||
|
"first_observed": "2017-11-09T21:07:00Z",
|
||
|
"last_observed": "2017-11-09T21:07:00Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--5a045110-84a0-42e2-8e81-49ea950d210f",
|
||
|
"ipv4-addr--5a045110-84a0-42e2-8e81-49ea950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--5a045110-84a0-42e2-8e81-49ea950d210f",
|
||
|
"dst_ref": "ipv4-addr--5a045110-84a0-42e2-8e81-49ea950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--5a045110-84a0-42e2-8e81-49ea950d210f",
|
||
|
"value": "27.254.148.14"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a045110-0ec8-43e0-a33c-4b46950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-09T21:07:00.000Z",
|
||
|
"modified": "2017-11-09T21:07:00.000Z",
|
||
|
"pattern": "[url:value = 'http://studio311.de/12']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-09T21:07:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a045111-c574-43be-88e4-4285950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-09T21:07:00.000Z",
|
||
|
"modified": "2017-11-09T21:07:00.000Z",
|
||
|
"pattern": "[domain-name:value = 'studio311.de']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-09T21:07:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5a045111-6edc-4521-8077-cc6f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-09T21:07:00.000Z",
|
||
|
"modified": "2017-11-09T21:07:00.000Z",
|
||
|
"first_observed": "2017-11-09T21:07:00Z",
|
||
|
"last_observed": "2017-11-09T21:07:00Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--5a045111-6edc-4521-8077-cc6f950d210f",
|
||
|
"ipv4-addr--5a045111-6edc-4521-8077-cc6f950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--5a045111-6edc-4521-8077-cc6f950d210f",
|
||
|
"dst_ref": "ipv4-addr--5a045111-6edc-4521-8077-cc6f950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--5a045111-6edc-4521-8077-cc6f950d210f",
|
||
|
"value": "217.182.199.8"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a045111-cea0-42db-8311-48e7950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-09T21:07:00.000Z",
|
||
|
"modified": "2017-11-09T21:07:00.000Z",
|
||
|
"pattern": "[url:value = 'http://testbxc.u-host.ru/12']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-09T21:07:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a045111-c028-4d9e-833a-cdab950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-09T21:07:00.000Z",
|
||
|
"modified": "2017-11-09T21:07:00.000Z",
|
||
|
"pattern": "[domain-name:value = 'testbxc.u-host.ru']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-09T21:07:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5a045111-0bc4-4d02-83cc-20a6950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-09T21:07:00.000Z",
|
||
|
"modified": "2017-11-09T21:07:00.000Z",
|
||
|
"first_observed": "2017-11-09T21:07:00Z",
|
||
|
"last_observed": "2017-11-09T21:07:00Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--5a045111-0bc4-4d02-83cc-20a6950d210f",
|
||
|
"ipv4-addr--5a045111-0bc4-4d02-83cc-20a6950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--5a045111-0bc4-4d02-83cc-20a6950d210f",
|
||
|
"dst_ref": "ipv4-addr--5a045111-0bc4-4d02-83cc-20a6950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--5a045111-0bc4-4d02-83cc-20a6950d210f",
|
||
|
"value": "212.220.124.233"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a045112-d638-4a03-9431-4f44950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-09T21:07:00.000Z",
|
||
|
"modified": "2017-11-09T21:07:00.000Z",
|
||
|
"pattern": "[url:value = 'http://themollymalone.es/12']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-09T21:07:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a045112-6224-4889-802c-cdb4950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-09T21:07:00.000Z",
|
||
|
"modified": "2017-11-09T21:07:00.000Z",
|
||
|
"pattern": "[domain-name:value = 'themollymalone.es']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-09T21:07:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5a045112-21b8-48b3-9d83-cdb1950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-09T21:07:00.000Z",
|
||
|
"modified": "2017-11-09T21:07:00.000Z",
|
||
|
"first_observed": "2017-11-09T21:07:00Z",
|
||
|
"last_observed": "2017-11-09T21:07:00Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--5a045112-21b8-48b3-9d83-cdb1950d210f",
|
||
|
"ipv4-addr--5a045112-21b8-48b3-9d83-cdb1950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--5a045112-21b8-48b3-9d83-cdb1950d210f",
|
||
|
"dst_ref": "ipv4-addr--5a045112-21b8-48b3-9d83-cdb1950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--5a045112-21b8-48b3-9d83-cdb1950d210f",
|
||
|
"value": "37.247.120.83"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a045112-1a60-44cd-bc92-cda3950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-09T21:07:00.000Z",
|
||
|
"modified": "2017-11-09T21:07:00.000Z",
|
||
|
"pattern": "[url:value = 'http://xn--buremrt-9wa.ch/12']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-09T21:07:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a045113-45a4-4db1-a60e-cd7d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-09T21:07:00.000Z",
|
||
|
"modified": "2017-11-09T21:07:00.000Z",
|
||
|
"pattern": "[domain-name:value = 'xn--buremrt-9wa.ch']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-09T21:07:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5a045113-9e44-49dd-9032-4b57950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-09T21:07:00.000Z",
|
||
|
"modified": "2017-11-09T21:07:00.000Z",
|
||
|
"first_observed": "2017-11-09T21:07:00Z",
|
||
|
"last_observed": "2017-11-09T21:07:00Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--5a045113-9e44-49dd-9032-4b57950d210f",
|
||
|
"ipv4-addr--5a045113-9e44-49dd-9032-4b57950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--5a045113-9e44-49dd-9032-4b57950d210f",
|
||
|
"dst_ref": "ipv4-addr--5a045113-9e44-49dd-9032-4b57950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--5a045113-9e44-49dd-9032-4b57950d210f",
|
||
|
"value": "82.98.87.48"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5a045113-6d64-465a-bcb8-75a9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-09T21:07:00.000Z",
|
||
|
"modified": "2017-11-09T21:07:00.000Z",
|
||
|
"first_observed": "2017-11-09T21:07:00Z",
|
||
|
"last_observed": "2017-11-09T21:07:00Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5a045113-6d64-465a-bcb8-75a9950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5a045113-6d64-465a-bcb8-75a9950d210f",
|
||
|
"value": "https://www.virustotal.com/#/file/3a5f35fceebf1626dbd11f81bf20656061ab0d1fa100a3fd0aae77edfa859cd5/detection"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5a045113-54c0-4ad0-ab03-4756950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-09T21:07:00.000Z",
|
||
|
"modified": "2017-11-09T21:07:00.000Z",
|
||
|
"first_observed": "2017-11-09T21:07:00Z",
|
||
|
"last_observed": "2017-11-09T21:07:00Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5a045113-54c0-4ad0-ab03-4756950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5a045113-54c0-4ad0-ab03-4756950d210f",
|
||
|
"value": "https://www.hybrid-analysis.com/sample/3a5f35fceebf1626dbd11f81bf20656061ab0d1fa100a3fd0aae77edfa859cd5?environmentId=100"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a045114-54ec-4dd0-a020-717b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-09T21:07:00.000Z",
|
||
|
"modified": "2017-11-09T21:07:00.000Z",
|
||
|
"pattern": "[domain-name:value = 'maeserdruck.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-11-09T21:07:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5a045114-77fc-40ef-b3be-4c35950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-11-09T21:07:00.000Z",
|
||
|
"modified": "2017-11-09T21:07:00.000Z",
|
||
|
"first_observed": "2017-11-09T21:07:00Z",
|
||
|
"last_observed": "2017-11-09T21:07:00Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--5a045114-77fc-40ef-b3be-4c35950d210f",
|
||
|
"ipv4-addr--5a045114-77fc-40ef-b3be-4c35950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--5a045114-77fc-40ef-b3be-4c35950d210f",
|
||
|
"dst_ref": "ipv4-addr--5a045114-77fc-40ef-b3be-4c35950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--5a045114-77fc-40ef-b3be-4c35950d210f",
|
||
|
"value": "194.208.76.18"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a045114-d8a0-4dcc-8631-44c0950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T21:07:00.000Z",
"modified": "2017-11-09T21:07:00.000Z",
"pattern": "[domain-name:value = 'lvps212-67-205-60.vps.webfusion.co.uk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T21:07:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a045115-07c4-4c02-9ba9-2214950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T21:07:00.000Z",
"modified": "2017-11-09T21:07:00.000Z",
"first_observed": "2017-11-09T21:07:00Z",
"last_observed": "2017-11-09T21:07:00Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a045115-07c4-4c02-9ba9-2214950d210f",
"ipv4-addr--5a045115-07c4-4c02-9ba9-2214950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a045115-07c4-4c02-9ba9-2214950d210f",
"dst_ref": "ipv4-addr--5a045115-07c4-4c02-9ba9-2214950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a045115-07c4-4c02-9ba9-2214950d210f",
"value": "212.67.205.60"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a045115-9904-49a4-898d-cda3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T21:07:01.000Z",
"modified": "2017-11-09T21:07:01.000Z",
"pattern": "[domain-name:value = 'ist-profy.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T21:07:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a045115-9484-4c01-8faf-46bd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T21:07:01.000Z",
"modified": "2017-11-09T21:07:01.000Z",
"first_observed": "2017-11-09T21:07:01Z",
"last_observed": "2017-11-09T21:07:01Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a045115-9484-4c01-8faf-46bd950d210f",
"ipv4-addr--5a045115-9484-4c01-8faf-46bd950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a045115-9484-4c01-8faf-46bd950d210f",
"dst_ref": "ipv4-addr--5a045115-9484-4c01-8faf-46bd950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a045115-9484-4c01-8faf-46bd950d210f",
"value": "90.156.144.159"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a045115-46d4-4c43-912e-44ec950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T21:07:01.000Z",
"modified": "2017-11-09T21:07:01.000Z",
"pattern": "[domain-name:value = 'hilaryandsavio.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T21:07:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a045115-44d8-4d7b-9026-75a9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T21:07:01.000Z",
"modified": "2017-11-09T21:07:01.000Z",
"first_observed": "2017-11-09T21:07:01Z",
"last_observed": "2017-11-09T21:07:01Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a045115-44d8-4d7b-9026-75a9950d210f",
"ipv4-addr--5a045115-44d8-4d7b-9026-75a9950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a045115-44d8-4d7b-9026-75a9950d210f",
"dst_ref": "ipv4-addr--5a045115-44d8-4d7b-9026-75a9950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a045115-44d8-4d7b-9026-75a9950d210f",
"value": "72.249.127.194"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a045116-36cc-43d5-a62b-cc6f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T21:07:01.000Z",
"modified": "2017-11-09T21:07:01.000Z",
"pattern": "[domain-name:value = 'nikom.be']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T21:07:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a045116-1dc0-4f67-9b30-4f57950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T21:07:01.000Z",
"modified": "2017-11-09T21:07:01.000Z",
"pattern": "[domain-name:value = 'l-up.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T21:07:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a045116-b2d0-4957-bec5-4e3b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T21:07:01.000Z",
"modified": "2017-11-09T21:07:01.000Z",
"first_observed": "2017-11-09T21:07:01Z",
"last_observed": "2017-11-09T21:07:01Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a045116-b2d0-4957-bec5-4e3b950d210f",
"ipv4-addr--5a045116-b2d0-4957-bec5-4e3b950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a045116-b2d0-4957-bec5-4e3b950d210f",
"dst_ref": "ipv4-addr--5a045116-b2d0-4957-bec5-4e3b950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a045116-b2d0-4957-bec5-4e3b950d210f",
"value": "89.104.72.196"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a045116-fc5c-43f5-b9cb-717b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T21:07:01.000Z",
"modified": "2017-11-09T21:07:01.000Z",
"pattern": "[domain-name:value = 'michelsmarkt.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T21:07:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a045117-10d0-47e9-8f94-412e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T21:07:01.000Z",
"modified": "2017-11-09T21:07:01.000Z",
"first_observed": "2017-11-09T21:07:01Z",
"last_observed": "2017-11-09T21:07:01Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a045117-10d0-47e9-8f94-412e950d210f",
"ipv4-addr--5a045117-10d0-47e9-8f94-412e950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a045117-10d0-47e9-8f94-412e950d210f",
"dst_ref": "ipv4-addr--5a045117-10d0-47e9-8f94-412e950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a045117-10d0-47e9-8f94-412e950d210f",
"value": "173.212.228.135"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a045117-5bf0-43e7-95cf-4345950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T21:07:01.000Z",
"modified": "2017-11-09T21:07:01.000Z",
"pattern": "[domain-name:value = 'jimhalltreeservice.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T21:07:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a045117-10c4-491a-8e69-2214950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T21:07:01.000Z",
"modified": "2017-11-09T21:07:01.000Z",
"first_observed": "2017-11-09T21:07:01Z",
"last_observed": "2017-11-09T21:07:01Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a045117-10c4-491a-8e69-2214950d210f",
"ipv4-addr--5a045117-10c4-491a-8e69-2214950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a045117-10c4-491a-8e69-2214950d210f",
"dst_ref": "ipv4-addr--5a045117-10c4-491a-8e69-2214950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a045117-10c4-491a-8e69-2214950d210f",
"value": "74.200.89.171"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a045117-f2cc-4a1f-8dcb-cda3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T21:07:01.000Z",
"modified": "2017-11-09T21:07:01.000Z",
"pattern": "[domain-name:value = 'toftinrontonsfo.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T21:07:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a045137-359c-4477-8abb-20a6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T21:07:01.000Z",
"modified": "2017-11-09T21:07:01.000Z",
"pattern": "[url:value = 'http://lvps212-67-205-60.vps.webfusion.co.uk/mnbv374']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T21:07:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a045137-0038-4640-8665-cdb4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T21:07:01.000Z",
"modified": "2017-11-09T21:07:01.000Z",
"pattern": "[url:value = 'http://ist-profy.ru/mnbv374']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T21:07:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a045137-75e8-4c38-9d96-4aa0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T21:07:01.000Z",
"modified": "2017-11-09T21:07:01.000Z",
"pattern": "[url:value = 'http://maeserdruck.com/mnbv374']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T21:07:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a045138-872c-4a85-9691-cc6f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T21:07:01.000Z",
"modified": "2017-11-09T21:07:01.000Z",
"pattern": "[url:value = 'http://hilaryandsavio.com/mnbv374']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T21:07:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a045138-2ac4-46b6-816b-20a6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T21:07:01.000Z",
"modified": "2017-11-09T21:07:01.000Z",
"pattern": "[url:value = 'http://nikom.be/mnbv374']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T21:07:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a045139-ba58-45cf-a34f-444b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T21:07:01.000Z",
"modified": "2017-11-09T21:07:01.000Z",
"pattern": "[url:value = 'http://l-up.net/mnbv374']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T21:07:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a045139-6b84-4a74-9c65-448a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T21:07:01.000Z",
"modified": "2017-11-09T21:07:01.000Z",
"pattern": "[url:value = 'http://michelsmarkt.de/mnbv374']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T21:07:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a04513a-359c-4d35-9f9c-75a9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T21:07:01.000Z",
"modified": "2017-11-09T21:07:01.000Z",
"pattern": "[url:value = 'http://jimhalltreeservice.com/mnbv374']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T21:07:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a04513a-a3f4-40a2-b834-20a6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T21:07:01.000Z",
"modified": "2017-11-09T21:07:01.000Z",
"pattern": "[url:value = 'http://toftinrontonsfo.info/p66/mnbv374']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T21:07:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a04c375-1448-4e4d-8820-4b6302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T21:07:01.000Z",
"modified": "2017-11-09T21:07:01.000Z",
"first_observed": "2017-11-09T21:07:01Z",
"last_observed": "2017-11-09T21:07:01Z",
"number_observed": 1,
"object_refs": [
"url--5a04c375-1448-4e4d-8820-4b6302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a04c375-1448-4e4d-8820-4b6302de0b81",
"value": "https://www.virustotal.com/file/3a5f35fceebf1626dbd11f81bf20656061ab0d1fa100a3fd0aae77edfa859cd5/analysis/1510123961/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a04c375-301c-47df-9482-44b902de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T21:07:01.000Z",
"modified": "2017-11-09T21:07:01.000Z",
"description": "- Xchecked via VT: deed16eadb1a270dfc54daf84f53aad6",
"pattern": "[file:hashes.SHA256 = 'e49c6973ddcc601cfb85b451e122903b1a9c036c8baafc35cb327f76b998c537']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T21:07:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a04c375-ef78-4d94-849c-407d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T21:07:01.000Z",
"modified": "2017-11-09T21:07:01.000Z",
"description": "- Xchecked via VT: deed16eadb1a270dfc54daf84f53aad6",
"pattern": "[file:hashes.SHA1 = 'cfa00beec23e1221ec6197abe887ef51ca0722d8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T21:07:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a04c375-005c-4bc3-b01e-44a002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T21:07:01.000Z",
"modified": "2017-11-09T21:07:01.000Z",
"first_observed": "2017-11-09T21:07:01Z",
"last_observed": "2017-11-09T21:07:01Z",
"number_observed": 1,
"object_refs": [
"url--5a04c375-005c-4bc3-b01e-44a002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a04c375-005c-4bc3-b01e-44a002de0b81",
"value": "https://www.virustotal.com/file/e49c6973ddcc601cfb85b451e122903b1a9c036c8baafc35cb327f76b998c537/analysis/1510233221/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}