|
|
|
{
|
|
|
|
"type": "bundle",
|
|
|
|
"id": "bundle--5a4c917d-b144-44cc-b046-4e53950d210f",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-03T20:56:30.000Z",
|
|
|
|
"modified": "2018-01-03T20:56:30.000Z",
|
|
|
|
"name": "CIRCL",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "grouping",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "grouping--5a4c917d-b144-44cc-b046-4e53950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-03T20:56:30.000Z",
|
|
|
|
"modified": "2018-01-03T20:56:30.000Z",
|
|
|
|
"name": "M2M - GlobeImposter \"..doc\" 2017-12-28 :\n \"CCE28122017_001234\" - \"CCE28122017_001234.7z\"",
|
|
|
|
"context": "suspicious-activity",
|
|
|
|
"object_refs": [
|
|
|
|
"indicator--5a4c917d-1d28-4808-b076-4942950d210f",
|
|
|
|
"indicator--5a4c917e-09dc-46a6-8dea-44f9950d210f",
|
|
|
|
"indicator--5a4c9180-b100-426d-9d3e-4ce8950d210f",
|
|
|
|
"indicator--5a4c9181-979c-421b-bad3-4f0b950d210f",
|
|
|
|
"observed-data--5a4c9183-0344-450c-8580-4990950d210f",
|
|
|
|
"network-traffic--5a4c9183-0344-450c-8580-4990950d210f",
|
|
|
|
"ipv4-addr--5a4c9183-0344-450c-8580-4990950d210f",
|
|
|
|
"indicator--5a4c9184-dee8-419a-b52c-4af8950d210f",
|
|
|
|
"indicator--5a4c9185-2b28-42b3-b58a-43af950d210f",
|
|
|
|
"observed-data--5a4c9187-04a0-4b05-bfaf-44e9950d210f",
|
|
|
|
"network-traffic--5a4c9187-04a0-4b05-bfaf-44e9950d210f",
|
|
|
|
"ipv4-addr--5a4c9187-04a0-4b05-bfaf-44e9950d210f",
|
|
|
|
"indicator--5a4c9188-7188-4391-823d-4251950d210f",
|
|
|
|
"indicator--5a4c9189-7bbc-49ca-b2ef-4fdb950d210f",
|
|
|
|
"observed-data--5a4c918b-78fc-4790-86b9-4700950d210f",
|
|
|
|
"network-traffic--5a4c918b-78fc-4790-86b9-4700950d210f",
|
|
|
|
"ipv4-addr--5a4c918b-78fc-4790-86b9-4700950d210f",
|
|
|
|
"indicator--5a4c918c-c8bc-4554-bf8e-4b4b950d210f",
|
|
|
|
"indicator--5a4c918d-2180-46cd-82ce-42ec950d210f",
|
|
|
|
"observed-data--5a4c918f-7f9c-4033-bd46-4226950d210f",
|
|
|
|
"network-traffic--5a4c918f-7f9c-4033-bd46-4226950d210f",
|
|
|
|
"ipv4-addr--5a4c918f-7f9c-4033-bd46-4226950d210f",
|
|
|
|
"indicator--5a4c9191-67ec-484e-9820-43df950d210f",
|
|
|
|
"indicator--5a4c9192-b3c4-4637-af92-4eed950d210f",
|
|
|
|
"observed-data--5a4c9193-69c4-4e05-ac16-4b82950d210f",
|
|
|
|
"network-traffic--5a4c9193-69c4-4e05-ac16-4b82950d210f",
|
|
|
|
"ipv4-addr--5a4c9193-69c4-4e05-ac16-4b82950d210f",
|
|
|
|
"indicator--5a4c9195-4664-45df-9632-431a950d210f",
|
|
|
|
"indicator--5a4c9196-adb8-4406-9979-4540950d210f",
|
|
|
|
"observed-data--5a4c9198-77cc-47a0-88a4-432c950d210f",
|
|
|
|
"network-traffic--5a4c9198-77cc-47a0-88a4-432c950d210f",
|
|
|
|
"ipv4-addr--5a4c9198-77cc-47a0-88a4-432c950d210f",
|
|
|
|
"indicator--5a4c919a-cbd0-4c02-9698-4b49950d210f",
|
|
|
|
"indicator--5a4c919b-b310-4a79-9817-411e950d210f",
|
|
|
|
"observed-data--5a4c919c-7d60-4c82-95b6-4c06950d210f",
|
|
|
|
"network-traffic--5a4c919c-7d60-4c82-95b6-4c06950d210f",
|
|
|
|
"ipv4-addr--5a4c919c-7d60-4c82-95b6-4c06950d210f",
|
|
|
|
"indicator--5a4c919d-f548-4b5f-bb53-432f950d210f",
|
|
|
|
"indicator--5a4c919e-f1cc-4d65-a67b-477b950d210f",
|
|
|
|
"indicator--5a4c91a0-6c1c-4139-9ec9-4f42950d210f",
|
|
|
|
"indicator--5a4c91a3-581c-4d8b-abae-4668950d210f",
|
|
|
|
"observed-data--5a4c91a5-3600-4769-bb3b-4c56950d210f",
|
|
|
|
"network-traffic--5a4c91a5-3600-4769-bb3b-4c56950d210f",
|
|
|
|
"ipv4-addr--5a4c91a5-3600-4769-bb3b-4c56950d210f",
|
|
|
|
"indicator--5a4c91a7-a240-4109-894a-4bcf950d210f",
|
|
|
|
"indicator--5a4c91a9-795c-4777-92c8-4769950d210f",
|
|
|
|
"observed-data--5a4c91ab-e288-43b6-a176-432b950d210f",
|
|
|
|
"network-traffic--5a4c91ab-e288-43b6-a176-432b950d210f",
|
|
|
|
"ipv4-addr--5a4c91ab-e288-43b6-a176-432b950d210f",
|
|
|
|
"indicator--429839aa-8a63-48c6-a526-9c59fdc171bb",
|
|
|
|
"x-misp-object--d0120535-9bae-48cb-89ef-3148489930ab",
|
|
|
|
"indicator--12590359-7f50-4ee1-b6c7-3308ecb45ea2",
|
|
|
|
"x-misp-object--3b1a023e-0f4e-4f13-8763-5ca5ffab14c6",
|
|
|
|
"relationship--3e6a12de-c96e-4fe6-9f86-22bcdd3fc71d",
|
|
|
|
"relationship--c39e0ba0-d043-4a33-b1aa-dcd770bb00c7"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"misp-galaxy:ransomware=\"Fake Globe Ransomware\""
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a4c917d-1d28-4808-b076-4942950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-03T08:17:01.000Z",
|
|
|
|
"modified": "2018-01-03T08:17:01.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'db0ecea901d4b4bf7aac1f6202e85bff']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-03T08:17:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a4c917e-09dc-46a6-8dea-44f9950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-03T08:17:02.000Z",
|
|
|
|
"modified": "2018-01-03T08:17:02.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '62461a2a840d61f1c1f6ded106666a56']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-03T08:17:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a4c9180-b100-426d-9d3e-4ce8950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-03T20:56:18.000Z",
|
|
|
|
"modified": "2018-01-03T20:56:18.000Z",
|
|
|
|
"pattern": "[url:value = 'http://berkahbajamakmur.com/06YefeR']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-03T20:56:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a4c9181-979c-421b-bad3-4f0b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-03T20:56:18.000Z",
|
|
|
|
"modified": "2018-01-03T20:56:18.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'berkahbajamakmur.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-03T20:56:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5a4c9183-0344-450c-8580-4990950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-03T20:56:18.000Z",
|
|
|
|
"modified": "2018-01-03T20:56:18.000Z",
|
|
|
|
"first_observed": "2018-01-03T20:56:18Z",
|
|
|
|
"last_observed": "2018-01-03T20:56:18Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5a4c9183-0344-450c-8580-4990950d210f",
|
|
|
|
"ipv4-addr--5a4c9183-0344-450c-8580-4990950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5a4c9183-0344-450c-8580-4990950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5a4c9183-0344-450c-8580-4990950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5a4c9183-0344-450c-8580-4990950d210f",
|
|
|
|
"value": "202.71.103.249"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a4c9184-dee8-419a-b52c-4af8950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-03T20:56:18.000Z",
|
|
|
|
"modified": "2018-01-03T20:56:18.000Z",
|
|
|
|
"pattern": "[url:value = 'http://slimthrive.net/06YefeR']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-03T20:56:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a4c9185-2b28-42b3-b58a-43af950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-03T20:56:18.000Z",
|
|
|
|
"modified": "2018-01-03T20:56:18.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'slimthrive.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-03T20:56:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5a4c9187-04a0-4b05-bfaf-44e9950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-03T20:56:18.000Z",
|
|
|
|
"modified": "2018-01-03T20:56:18.000Z",
|
|
|
|
"first_observed": "2018-01-03T20:56:18Z",
|
|
|
|
"last_observed": "2018-01-03T20:56:18Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5a4c9187-04a0-4b05-bfaf-44e9950d210f",
|
|
|
|
"ipv4-addr--5a4c9187-04a0-4b05-bfaf-44e9950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5a4c9187-04a0-4b05-bfaf-44e9950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5a4c9187-04a0-4b05-bfaf-44e9950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5a4c9187-04a0-4b05-bfaf-44e9950d210f",
|
|
|
|
"value": "199.188.200.142"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a4c9188-7188-4391-823d-4251950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-03T20:56:18.000Z",
|
|
|
|
"modified": "2018-01-03T20:56:18.000Z",
|
|
|
|
"pattern": "[url:value = 'http://smartnewjerseyhomebuyers.com/06YefeR']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-03T20:56:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a4c9189-7bbc-49ca-b2ef-4fdb950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-03T20:56:18.000Z",
|
|
|
|
"modified": "2018-01-03T20:56:18.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'smartnewjerseyhomebuyers.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-03T20:56:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5a4c918b-78fc-4790-86b9-4700950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-03T20:56:18.000Z",
|
|
|
|
"modified": "2018-01-03T20:56:18.000Z",
|
|
|
|
"first_observed": "2018-01-03T20:56:18Z",
|
|
|
|
"last_observed": "2018-01-03T20:56:18Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5a4c918b-78fc-4790-86b9-4700950d210f",
|
|
|
|
"ipv4-addr--5a4c918b-78fc-4790-86b9-4700950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5a4c918b-78fc-4790-86b9-4700950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5a4c918b-78fc-4790-86b9-4700950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5a4c918b-78fc-4790-86b9-4700950d210f",
|
|
|
|
"value": "199.188.200.143"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a4c918c-c8bc-4554-bf8e-4b4b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-03T20:56:18.000Z",
|
|
|
|
"modified": "2018-01-03T20:56:18.000Z",
|
|
|
|
"pattern": "[url:value = 'http://standardfederalproperties.com/06YefeR']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-03T20:56:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a4c918d-2180-46cd-82ce-42ec950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-03T20:56:18.000Z",
|
|
|
|
"modified": "2018-01-03T20:56:18.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'standardfederalproperties.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-03T20:56:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5a4c918f-7f9c-4033-bd46-4226950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-03T20:56:18.000Z",
|
|
|
|
"modified": "2018-01-03T20:56:18.000Z",
|
|
|
|
"first_observed": "2018-01-03T20:56:18Z",
|
|
|
|
"last_observed": "2018-01-03T20:56:18Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5a4c918f-7f9c-4033-bd46-4226950d210f",
|
|
|
|
"ipv4-addr--5a4c918f-7f9c-4033-bd46-4226950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5a4c918f-7f9c-4033-bd46-4226950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5a4c918f-7f9c-4033-bd46-4226950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5a4c918f-7f9c-4033-bd46-4226950d210f",
|
|
|
|
"value": "162.144.81.164"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a4c9191-67ec-484e-9820-43df950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-03T20:56:18.000Z",
|
|
|
|
"modified": "2018-01-03T20:56:18.000Z",
|
|
|
|
"pattern": "[url:value = 'http://swarm-solutions.com/06YefeR']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-03T20:56:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a4c9192-b3c4-4637-af92-4eed950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-03T20:56:18.000Z",
|
|
|
|
"modified": "2018-01-03T20:56:18.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'swarm-solutions.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-03T20:56:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5a4c9193-69c4-4e05-ac16-4b82950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-03T20:56:18.000Z",
|
|
|
|
"modified": "2018-01-03T20:56:18.000Z",
|
|
|
|
"first_observed": "2018-01-03T20:56:18Z",
|
|
|
|
"last_observed": "2018-01-03T20:56:18Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5a4c9193-69c4-4e05-ac16-4b82950d210f",
|
|
|
|
"ipv4-addr--5a4c9193-69c4-4e05-ac16-4b82950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5a4c9193-69c4-4e05-ac16-4b82950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5a4c9193-69c4-4e05-ac16-4b82950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5a4c9193-69c4-4e05-ac16-4b82950d210f",
|
|
|
|
"value": "50.62.228.1"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a4c9195-4664-45df-9632-431a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-03T20:56:18.000Z",
|
|
|
|
"modified": "2018-01-03T20:56:18.000Z",
|
|
|
|
"pattern": "[url:value = 'http://weserve.world/06YefeR']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-03T20:56:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a4c9196-adb8-4406-9979-4540950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-03T20:56:18.000Z",
|
|
|
|
"modified": "2018-01-03T20:56:18.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'weserve.world']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-03T20:56:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5a4c9198-77cc-47a0-88a4-432c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-03T20:56:18.000Z",
|
|
|
|
"modified": "2018-01-03T20:56:18.000Z",
|
|
|
|
"first_observed": "2018-01-03T20:56:18Z",
|
|
|
|
"last_observed": "2018-01-03T20:56:18Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5a4c9198-77cc-47a0-88a4-432c950d210f",
|
|
|
|
"ipv4-addr--5a4c9198-77cc-47a0-88a4-432c950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5a4c9198-77cc-47a0-88a4-432c950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5a4c9198-77cc-47a0-88a4-432c950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5a4c9198-77cc-47a0-88a4-432c950d210f",
|
|
|
|
"value": "199.188.200.150"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a4c919a-cbd0-4c02-9698-4b49950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-03T20:56:18.000Z",
|
|
|
|
"modified": "2018-01-03T20:56:18.000Z",
|
|
|
|
"pattern": "[url:value = 'http://yourappyourway.com/06YefeR']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-03T20:56:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a4c919b-b310-4a79-9817-411e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-03T20:56:18.000Z",
|
|
|
|
"modified": "2018-01-03T20:56:18.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'yourappyourway.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-03T20:56:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5a4c919c-7d60-4c82-95b6-4c06950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-03T20:56:18.000Z",
|
|
|
|
"modified": "2018-01-03T20:56:18.000Z",
|
|
|
|
"first_observed": "2018-01-03T20:56:18Z",
|
|
|
|
"last_observed": "2018-01-03T20:56:18Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5a4c919c-7d60-4c82-95b6-4c06950d210f",
|
|
|
|
"ipv4-addr--5a4c919c-7d60-4c82-95b6-4c06950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5a4c919c-7d60-4c82-95b6-4c06950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5a4c919c-7d60-4c82-95b6-4c06950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5a4c919c-7d60-4c82-95b6-4c06950d210f",
|
|
|
|
"value": "199.188.200.96"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a4c919d-f548-4b5f-bb53-432f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-03T20:56:18.000Z",
|
|
|
|
"modified": "2018-01-03T20:56:18.000Z",
|
|
|
|
"pattern": "[url:value = 'http://zeeshanasghar.website/06YefeR']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-03T20:56:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a4c919e-f1cc-4d65-a67b-477b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-03T20:56:18.000Z",
|
|
|
|
"modified": "2018-01-03T20:56:18.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'zeeshanasghar.website']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-03T20:56:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a4c91a0-6c1c-4139-9ec9-4f42950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-03T20:56:18.000Z",
|
|
|
|
"modified": "2018-01-03T20:56:18.000Z",
|
|
|
|
"pattern": "[url:value = 'https://topyzscsu5poprxy.onion.link/shfgealjh.php']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-03T20:56:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a4c91a3-581c-4d8b-abae-4668950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-03T20:56:18.000Z",
|
|
|
|
"modified": "2018-01-03T20:56:18.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'topyzscsu5poprxy.onion.link']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-03T20:56:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5a4c91a5-3600-4769-bb3b-4c56950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-03T20:56:18.000Z",
|
|
|
|
"modified": "2018-01-03T20:56:18.000Z",
|
|
|
|
"first_observed": "2018-01-03T20:56:18Z",
|
|
|
|
"last_observed": "2018-01-03T20:56:18Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5a4c91a5-3600-4769-bb3b-4c56950d210f",
|
|
|
|
"ipv4-addr--5a4c91a5-3600-4769-bb3b-4c56950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5a4c91a5-3600-4769-bb3b-4c56950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5a4c91a5-3600-4769-bb3b-4c56950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5a4c91a5-3600-4769-bb3b-4c56950d210f",
|
|
|
|
"value": "103.198.0.2"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a4c91a7-a240-4109-894a-4bcf950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-03T20:56:18.000Z",
|
|
|
|
"modified": "2018-01-03T20:56:18.000Z",
|
|
|
|
"pattern": "[url:value = 'http://psoeiras.net/js/count.php?nu=105&fb=110']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-03T20:56:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5a4c91a9-795c-4777-92c8-4769950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-03T20:56:18.000Z",
|
|
|
|
"modified": "2018-01-03T20:56:18.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'psoeiras.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-01-03T20:56:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5a4c91ab-e288-43b6-a176-432b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2018-01-03T20:56:18.000Z",
|
|
|
|
"modified": "2018-01-03T20:56:18.000Z",
|
|
|
|
"first_observed": "2018-01-03T20:56:18Z",
|
|
|
|
"last_observed": "2018-01-03T20:56:18Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5a4c91ab-e288-43b6-a176-432b950d210f",
|
|
|
|
"ipv4-addr--5a4c91ab-e288-43b6-a176-432b950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a4c91ab-e288-43b6-a176-432b950d210f",
"dst_ref": "ipv4-addr--5a4c91ab-e288-43b6-a176-432b950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a4c91ab-e288-43b6-a176-432b950d210f",
"value": "74.220.219.67"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--429839aa-8a63-48c6-a526-9c59fdc171bb",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T20:56:21.000Z",
"modified": "2018-01-03T20:56:21.000Z",
"pattern": "[file:hashes.MD5 = '62461a2a840d61f1c1f6ded106666a56' AND file:hashes.SHA1 = '6d30c34e4ee30cc257604ac00b73bd03abdf6f38' AND file:hashes.SHA256 = 'f8f07c01e2092c1cac889799a17a0f740c057375d105567fc2f31c946ff63232']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T20:56:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--d0120535-9bae-48cb-89ef-3148489930ab",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T20:56:19.000Z",
"modified": "2018-01-03T20:56:19.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/f8f07c01e2092c1cac889799a17a0f740c057375d105567fc2f31c946ff63232/analysis/1514527094/",
"category": "External analysis",
"uuid": "5a4d4373-3224-4970-af3e-410002de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "32/67",
"category": "Other",
"uuid": "5a4d4373-7f90-4568-8224-4dbb02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-29 05:58:14",
"category": "Other",
"uuid": "5a4d4373-5ab0-45ca-8387-4dab02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--12590359-7f50-4ee1-b6c7-3308ecb45ea2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T20:56:22.000Z",
"modified": "2018-01-03T20:56:22.000Z",
"pattern": "[file:hashes.MD5 = 'db0ecea901d4b4bf7aac1f6202e85bff' AND file:hashes.SHA1 = 'ad7627b1971bc7ac7ce81c77921adf6261bad79e' AND file:hashes.SHA256 = '34e26931754f889d0800cc975d7d15d6dd9dc69a3e80d3babeaa93b1f0eae2ba']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T20:56:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--3b1a023e-0f4e-4f13-8763-5ca5ffab14c6",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T20:56:19.000Z",
"modified": "2018-01-03T20:56:19.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/34e26931754f889d0800cc975d7d15d6dd9dc69a3e80d3babeaa93b1f0eae2ba/analysis/1514457956/",
"category": "External analysis",
"uuid": "5a4d4373-178c-451f-b7b7-4ed802de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "11/68",
"category": "Other",
"uuid": "5a4d4373-e534-4623-a086-45a302de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-28 10:45:56",
"category": "Other",
"uuid": "5a4d4373-1430-49a8-9449-441a02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--3e6a12de-c96e-4fe6-9f86-22bcdd3fc71d",
"created": "2018-01-03T20:56:19.000Z",
"modified": "2018-01-03T20:56:19.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--429839aa-8a63-48c6-a526-9c59fdc171bb",
"target_ref": "x-misp-object--d0120535-9bae-48cb-89ef-3148489930ab"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c39e0ba0-d043-4a33-b1aa-dcd770bb00c7",
"created": "2018-01-03T20:56:20.000Z",
"modified": "2018-01-03T20:56:20.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--12590359-7f50-4ee1-b6c7-3308ecb45ea2",
"target_ref": "x-misp-object--3b1a023e-0f4e-4f13-8763-5ca5ffab14c6"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}