2023-04-21 13:25:09 +00:00
|
|
|
{
|
2023-06-14 17:31:25 +00:00
|
|
|
"type": "bundle",
|
|
|
|
"id": "bundle--5472f4a5-eafc-43c4-91b1-4bfe950d210b",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:41:51.000Z",
|
|
|
|
"modified": "2014-11-24T09:41:51.000Z",
|
|
|
|
"name": "CthulhuSPRL.be",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--5472f4a5-eafc-43c4-91b1-4bfe950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:41:51.000Z",
|
|
|
|
"modified": "2014-11-24T09:41:51.000Z",
|
|
|
|
"name": "OSINT Evil Bunny: Suspect #4",
|
|
|
|
"published": "2016-02-22T14:40:09Z",
|
|
|
|
"object_refs": [
|
|
|
|
"observed-data--5472f4b8-77a4-4381-a8a8-4a48950d210b",
|
|
|
|
"url--5472f4b8-77a4-4381-a8a8-4a48950d210b",
|
|
|
|
"observed-data--5472f4b8-591c-4c5e-bf23-4bff950d210b",
|
|
|
|
"url--5472f4b8-591c-4c5e-bf23-4bff950d210b",
|
|
|
|
"x-misp-attribute--5472f4c9-f368-401a-aba8-4082950d210b",
|
|
|
|
"x-misp-attribute--5472f4c9-f624-4cd5-8b4e-4fd8950d210b",
|
|
|
|
"x-misp-attribute--5472f4d8-7c24-4e07-9341-4740950d210b",
|
|
|
|
"indicator--5472f520-2764-4016-941c-4228950d210b",
|
|
|
|
"indicator--5472f520-257c-4e79-a281-469e950d210b",
|
|
|
|
"indicator--5472f520-f474-4069-9e81-4514950d210b",
|
|
|
|
"indicator--5472f520-fcf0-41d6-92bb-42e9950d210b",
|
|
|
|
"vulnerability--5472fa54-180c-48d3-b8d6-4605950d210b",
|
|
|
|
"indicator--5472fa9f-8678-49bd-886f-47a2950d210b",
|
|
|
|
"indicator--5472fa9f-d3dc-47b0-83c3-4d04950d210b",
|
|
|
|
"indicator--5472fa9f-3598-4f6a-961b-45f9950d210b",
|
|
|
|
"indicator--5472fb13-2854-4a94-952b-41e6950d210b",
|
|
|
|
"indicator--5472fb13-acb8-4ee2-842f-4293950d210b",
|
|
|
|
"indicator--5472fb13-53c4-452f-81de-4d51950d210b",
|
|
|
|
"indicator--5472fb49-2884-43f1-b5be-4455950d210b",
|
|
|
|
"indicator--5472fb49-5c20-4d2d-89ad-48be950d210b",
|
|
|
|
"indicator--5472fb4a-ebb0-49ed-888f-4803950d210b",
|
|
|
|
"indicator--5472fb54-2da4-4e0e-b3b1-42cb950d210b",
|
|
|
|
"indicator--5472fbbf-b7b4-4a69-951e-4234950d210b",
|
|
|
|
"indicator--5472fbbf-a15c-401d-bcd2-4ae0950d210b",
|
|
|
|
"indicator--5472fbc0-6508-49b6-8c4b-4536950d210b",
|
|
|
|
"indicator--5472fbc0-1bec-4e1a-a187-4073950d210b",
|
|
|
|
"indicator--5472fbc0-f38c-4c6c-98bd-4479950d210b",
|
|
|
|
"indicator--5472fbc0-db24-42ea-a272-499e950d210b",
|
|
|
|
"indicator--5472fbc0-22c4-48bb-abd3-4332950d210b",
|
|
|
|
"indicator--5472fbc0-ef78-44a5-b8cb-4402950d210b",
|
|
|
|
"indicator--5472fbc0-0fa0-4f7b-adf3-4e63950d210b",
|
|
|
|
"indicator--5472fbc0-94bc-421c-8951-45b6950d210b",
|
|
|
|
"indicator--5472fbd5-97a0-4259-b0e9-4521950d210b",
|
|
|
|
"indicator--5472fbd5-3a90-4d8e-9179-49e9950d210b",
|
|
|
|
"indicator--5472fc2e-b068-4c9c-ba01-41a1950d210b",
|
|
|
|
"indicator--5472fc2e-501c-4286-8b25-4f3e950d210b",
|
|
|
|
"indicator--5472fd5f-597c-4984-9d5e-4bb8950d210b",
|
|
|
|
"indicator--5472fd5f-afe8-4992-a04f-4a63950d210b",
|
|
|
|
"indicator--5472fd5f-a5e8-47be-8d83-4349950d210b",
|
|
|
|
"indicator--5472fd5f-c464-4982-9cf6-4d88950d210b",
|
|
|
|
"indicator--5472fd5f-8b84-4267-be3b-481a950d210b",
|
|
|
|
"indicator--5472fd5f-9f04-4a96-bcb7-4074950d210b",
|
|
|
|
"indicator--5472fd5f-0638-45ec-b6d3-45b7950d210b",
|
|
|
|
"indicator--5472fd5f-7c44-4485-88cc-484e950d210b",
|
|
|
|
"indicator--5472fd5f-b384-4108-a326-4018950d210b",
|
|
|
|
"indicator--5472fd5f-5a00-4266-8d5a-4d63950d210b",
|
|
|
|
"indicator--5472fd5f-8a28-415b-98d2-4801950d210b",
|
|
|
|
"indicator--5472fd5f-ae74-4b9e-b68e-4df1950d210b",
|
|
|
|
"indicator--5472fd60-a5f0-413a-ab01-4bd1950d210b",
|
|
|
|
"indicator--5472fd60-0af0-4609-9b96-43df950d210b",
|
|
|
|
"indicator--5472fd60-0814-4eb6-8528-4f0f950d210b",
|
|
|
|
"indicator--5472fd60-abc0-419b-8c7a-4a57950d210b",
|
|
|
|
"indicator--5472fd60-26bc-4740-b41d-4f24950d210b",
|
|
|
|
"indicator--5472fd60-e528-4dbc-80b1-46a1950d210b",
|
|
|
|
"indicator--5472fd60-aeb8-4049-9e06-44f3950d210b",
|
|
|
|
"indicator--5472fd60-af14-4548-8088-440a950d210b",
|
|
|
|
"indicator--5472fd60-5f50-4a40-823e-4ae3950d210b",
|
|
|
|
"indicator--5472fd60-00c0-428e-bf2e-4705950d210b",
|
|
|
|
"indicator--5472fd60-e8cc-4a3f-bafc-4369950d210b",
|
|
|
|
"indicator--5472fd60-8ce4-4175-834f-4d01950d210b",
|
|
|
|
"indicator--5472fd60-a5e4-4342-b941-45f8950d210b",
|
|
|
|
"indicator--5472fd60-2eb8-497f-b84e-45fd950d210b",
|
|
|
|
"indicator--5472fd60-4424-4578-8699-4ea1950d210b",
|
|
|
|
"indicator--5472fd61-8414-43cb-9471-4078950d210b",
|
|
|
|
"indicator--5472fd61-b060-4656-acfd-4bfc950d210b",
|
|
|
|
"indicator--56c6477b-007c-4e17-a62d-5f51950d210f",
|
|
|
|
"indicator--56c6477e-2e9c-48f9-b7e0-4efd950d210f",
|
|
|
|
"indicator--56c6477c-76e4-41d3-94d3-4359950d210f",
|
|
|
|
"indicator--56c6477e-2954-44eb-86de-c650950d210f",
|
|
|
|
"indicator--56c6477f-4d88-4015-b26e-c651950d210f",
|
|
|
|
"indicator--56c64780-c934-4188-90fe-59a2950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"type:OSINT"
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5472f4b8-77a4-4381-a8a8-4a48950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:04:56.000Z",
|
|
|
|
"modified": "2014-11-24T09:04:56.000Z",
|
|
|
|
"first_observed": "2014-11-24T09:04:56Z",
|
|
|
|
"last_observed": "2014-11-24T09:04:56Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5472f4b8-77a4-4381-a8a8-4a48950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5472f4b8-77a4-4381-a8a8-4a48950d210b",
|
|
|
|
"value": "http://0x1338.blogspot.be/2014/11/hunting-bunnies.html"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5472f4b8-591c-4c5e-bf23-4bff950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:04:56.000Z",
|
|
|
|
"modified": "2014-11-24T09:04:56.000Z",
|
|
|
|
"first_observed": "2014-11-24T09:04:56Z",
|
|
|
|
"last_observed": "2014-11-24T09:04:56Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5472f4b8-591c-4c5e-bf23-4bff950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5472f4b8-591c-4c5e-bf23-4bff950d210b",
|
|
|
|
"value": "https://drive.google.com/file/d/0B9Mrr-en8FX4M2lXN1B4eElHcE0/view"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-attribute",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-attribute--5472f4c9-f368-401a-aba8-4082950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:05:13.000Z",
|
|
|
|
"modified": "2014-11-24T09:05:13.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"text\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
],
|
|
|
|
"x_misp_category": "External analysis",
|
|
|
|
"x_misp_type": "text",
|
|
|
|
"x_misp_value": "Evil Bunny"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-attribute",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-attribute--5472f4c9-f624-4cd5-8b4e-4fd8950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:05:13.000Z",
|
|
|
|
"modified": "2014-11-24T09:05:13.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"text\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
],
|
|
|
|
"x_misp_category": "External analysis",
|
|
|
|
"x_misp_type": "text",
|
|
|
|
"x_misp_value": "EvilBunny"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-attribute",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-attribute--5472f4d8-7c24-4e07-9341-4740950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:05:28.000Z",
|
|
|
|
"modified": "2014-11-24T09:05:28.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"comment\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
],
|
|
|
|
"x_misp_category": "External analysis",
|
|
|
|
"x_misp_type": "comment",
|
|
|
|
"x_misp_value": "Data entered by David Andr\u00c3\u00a9"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472f520-2764-4016-941c-4228950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:06:40.000Z",
|
|
|
|
"modified": "2014-11-24T09:06:40.000Z",
|
|
|
|
"description": "Imported via the freetext import.",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'c40e3ee23cf95d992b7cd0b7c01b8599']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:06:40Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472f520-257c-4e79-a281-469e950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:06:40.000Z",
|
|
|
|
"modified": "2014-11-24T09:06:40.000Z",
|
|
|
|
"description": "Imported via the freetext import.",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '1e8b4c374db03dcca026c5feba0a5c117f740233']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:06:40Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472f520-f474-4069-9e81-4514950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:06:40.000Z",
|
|
|
|
"modified": "2014-11-24T09:06:40.000Z",
|
|
|
|
"description": "Imported via the freetext import.",
|
|
|
|
"pattern": "[file:hashes.MD5 = '3bbb59afdf9bda4ffdc644d9d51c53e7']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:06:40Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472f520-fcf0-41d6-92bb-42e9950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:06:40.000Z",
|
|
|
|
"modified": "2014-11-24T09:06:40.000Z",
|
|
|
|
"description": "Imported via the freetext import.",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '1798985f4cc2398a482f2232e72e5817562530de']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:06:40Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "vulnerability",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "vulnerability--5472fa54-180c-48d3-b8d6-4605950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:28:52.000Z",
|
|
|
|
"modified": "2014-11-24T09:28:52.000Z",
|
|
|
|
"name": "CVE-2011-4369",
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"vulnerability\"",
|
|
|
|
"misp:category=\"Payload delivery\""
|
|
|
|
],
|
|
|
|
"external_references": [
|
|
|
|
{
|
|
|
|
"source_name": "cve",
|
|
|
|
"external_id": "CVE-2011-4369"
|
|
|
|
}
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fa9f-8678-49bd-886f-47a2950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:30:07.000Z",
|
|
|
|
"modified": "2014-11-24T09:30:07.000Z",
|
|
|
|
"pattern": "[url:value = 'http://le-progres.net/images/php/test.php?rec=11206-01']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:30:07Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fa9f-d3dc-47b0-83c3-4d04950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:30:07.000Z",
|
|
|
|
"modified": "2014-11-24T09:30:07.000Z",
|
|
|
|
"pattern": "[url:value = 'http://ghatreh.com/skins/php/test.php?rec=11206-01']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:30:07Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fa9f-3598-4f6a-961b-45f9950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:30:07.000Z",
|
|
|
|
"modified": "2014-11-24T09:30:07.000Z",
|
|
|
|
"pattern": "[url:value = 'http://www.usthb-dz.org/includes/php/test.php?rec=11206-01']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:30:07Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fb13-2854-4a94-952b-41e6950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:38:04.000Z",
|
|
|
|
"modified": "2014-11-24T09:38:04.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'le-progres.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:38:04Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fb13-acb8-4ee2-842f-4293950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:37:59.000Z",
|
|
|
|
"modified": "2014-11-24T09:37:59.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'ghatreh.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:37:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fb13-53c4-452f-81de-4d51950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:37:51.000Z",
|
|
|
|
"modified": "2014-11-24T09:37:51.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'usthb-dz.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:37:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fb49-2884-43f1-b5be-4455950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:32:57.000Z",
|
|
|
|
"modified": "2014-11-24T09:32:57.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.90.160.65']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:32:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fb49-5c20-4d2d-89ad-48be950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:32:57.000Z",
|
|
|
|
"modified": "2014-11-24T09:32:57.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '70.38.107.13']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:32:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fb4a-ebb0-49ed-888f-4803950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:32:58.000Z",
|
|
|
|
"modified": "2014-11-24T09:32:58.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '70.38.12.10']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:32:58Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fb54-2da4-4e0e-b3b1-42cb950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:33:08.000Z",
|
|
|
|
"modified": "2014-11-24T09:33:08.000Z",
|
|
|
|
"pattern": "[url:value = 'http://1.9.32.11/bunny/test.php?rec=nvista']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:33:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fbbf-b7b4-4a69-951e-4234950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:34:55.000Z",
|
|
|
|
"modified": "2014-11-24T09:34:55.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '2a64d331964dbdec8141f16585f392ba']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:34:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fbbf-a15c-401d-bcd2-4ae0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:34:55.000Z",
|
|
|
|
"modified": "2014-11-24T09:34:55.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '40e0f0681c79d70ac0329e68a94294cb']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:34:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fbc0-6508-49b6-8c4b-4536950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:34:56.000Z",
|
|
|
|
"modified": "2014-11-24T09:34:56.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '8132ee00f64856cf10930fd72505cebe']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:34:56Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fbc0-1bec-4e1a-a187-4073950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:34:56.000Z",
|
|
|
|
"modified": "2014-11-24T09:34:56.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'e8a333a726481a72b267ec6109939b0d']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:34:56Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fbc0-f38c-4c6c-98bd-4479950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:34:56.000Z",
|
|
|
|
"modified": "2014-11-24T09:34:56.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '3bbb59afdf9bda4ffdc644d9d51c53e7']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:34:56Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fbc0-db24-42ea-a272-499e950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:34:56.000Z",
|
|
|
|
"modified": "2014-11-24T09:34:56.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'c40e3ee23cf95d992b7cd0b7c01b8599']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:34:56Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fbc0-22c4-48bb-abd3-4332950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:34:56.000Z",
|
|
|
|
"modified": "2014-11-24T09:34:56.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '330dc1a7f3930a2234e505ba11da0eea']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:34:56Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fbc0-ef78-44a5-b8cb-4402950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:34:56.000Z",
|
|
|
|
"modified": "2014-11-24T09:34:56.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '83b7c532663f11bf994a1b518880557d']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:34:56Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fbc0-0fa0-4f7b-adf3-4e63950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:34:56.000Z",
|
|
|
|
"modified": "2014-11-24T09:34:56.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'b8ac16701c3c15b103e61b5a317692bc']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:34:56Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fbc0-94bc-421c-8951-45b6950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:34:56.000Z",
|
|
|
|
"modified": "2014-11-24T09:34:56.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'bbf4b1961ff0ce19db748616754da76e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:34:56Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fbd5-97a0-4259-b0e9-4521950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:35:17.000Z",
|
|
|
|
"modified": "2014-11-24T09:35:17.000Z",
|
|
|
|
"pattern": "[url:value = 'http://callientefever.info/img/new/n.php']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:35:17Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fbd5-3a90-4d8e-9179-49e9950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:35:17.000Z",
|
|
|
|
"modified": "2014-11-24T09:35:17.000Z",
|
|
|
|
"pattern": "[url:value = 'http://fullapple.net/pictures/bkp/n.php']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:35:17Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fc2e-b068-4c9c-ba01-41a1950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:36:46.000Z",
|
|
|
|
"modified": "2014-11-24T09:36:46.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'callientefever.info']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:36:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fc2e-501c-4286-8b25-4f3e950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:36:46.000Z",
|
|
|
|
"modified": "2014-11-24T09:36:46.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'fullapple.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:36:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fd5f-597c-4984-9d5e-4bb8950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:41:51.000Z",
|
|
|
|
"modified": "2014-11-24T09:41:51.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '184.107.60.97']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:41:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fd5f-afe8-4992-a04f-4a63950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:41:51.000Z",
|
|
|
|
"modified": "2014-11-24T09:41:51.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '184.168.221.41']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:41:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fd5f-a5e8-47be-8d83-4349950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:41:51.000Z",
|
|
|
|
"modified": "2014-11-24T09:41:51.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '204.13.160.25']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:41:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fd5f-c464-4982-9cf6-4d88950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:41:51.000Z",
|
|
|
|
"modified": "2014-11-24T09:41:51.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '204.157.11.208']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:41:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fd5f-8b84-4267-be3b-481a950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:41:51.000Z",
|
|
|
|
"modified": "2014-11-24T09:41:51.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '204.93.167.100']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:41:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fd5f-9f04-4a96-bcb7-4074950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:41:51.000Z",
|
|
|
|
"modified": "2014-11-24T09:41:51.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.73.210.155']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:41:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fd5f-0638-45ec-b6d3-45b7950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:41:51.000Z",
|
|
|
|
"modified": "2014-11-24T09:41:51.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '208.87.149.250']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:41:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fd5f-7c44-4485-88cc-484e950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:41:51.000Z",
|
|
|
|
"modified": "2014-11-24T09:41:51.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.51.136.27']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:41:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fd5f-b384-4108-a326-4018950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:41:51.000Z",
|
|
|
|
"modified": "2014-11-24T09:41:51.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '209.62.20.175']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:41:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fd5f-5a00-4266-8d5a-4d63950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:41:51.000Z",
|
|
|
|
"modified": "2014-11-24T09:41:51.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.186.33.19']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:41:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fd5f-8a28-415b-98d2-4801950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:41:51.000Z",
|
|
|
|
"modified": "2014-11-24T09:41:51.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.108.239.153']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:41:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fd5f-ae74-4b9e-b68e-4df1950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:41:51.000Z",
|
|
|
|
"modified": "2014-11-24T09:41:51.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.36.248.128']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:41:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fd60-a5f0-413a-ab01-4bd1950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:41:52.000Z",
|
|
|
|
"modified": "2014-11-24T09:41:52.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.36.248.134']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:41:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fd60-0af0-4609-9b96-43df950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:41:52.000Z",
|
|
|
|
"modified": "2014-11-24T09:41:52.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.15.136.137']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:41:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fd60-0814-4eb6-8528-4f0f950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:41:52.000Z",
|
|
|
|
"modified": "2014-11-24T09:41:52.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.20.43.107']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:41:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fd60-abc0-419b-8c7a-4a57950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:41:52.000Z",
|
|
|
|
"modified": "2014-11-24T09:41:52.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.45.225.11']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:41:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fd60-26bc-4740-b41d-4f24950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:41:52.000Z",
|
|
|
|
"modified": "2014-11-24T09:41:52.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '67.18.209.222']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:41:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fd60-e528-4dbc-80b1-46a1950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:41:52.000Z",
|
|
|
|
"modified": "2014-11-24T09:41:52.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '67.19.22.234']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:41:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fd60-aeb8-4049-9e06-44f3950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:41:52.000Z",
|
|
|
|
"modified": "2014-11-24T09:41:52.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '67.19.84.46']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:41:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fd60-af14-4548-8088-440a950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:41:52.000Z",
|
|
|
|
"modified": "2014-11-24T09:41:52.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '68.178.232.99']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:41:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fd60-5f50-4a40-823e-4ae3950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:41:52.000Z",
|
|
|
|
"modified": "2014-11-24T09:41:52.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.25.212.153']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:41:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fd60-00c0-428e-bf2e-4705950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:41:52.000Z",
|
|
|
|
"modified": "2014-11-24T09:41:52.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.46.226.168']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:41:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fd60-e8cc-4a3f-bafc-4369950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:41:52.000Z",
|
|
|
|
"modified": "2014-11-24T09:41:52.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '70.38.107.12']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:41:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fd60-8ce4-4175-834f-4d01950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:41:52.000Z",
|
|
|
|
"modified": "2014-11-24T09:41:52.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '72.9.244.162']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:41:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fd60-a5e4-4342-b941-45f8950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:41:52.000Z",
|
|
|
|
"modified": "2014-11-24T09:41:52.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '74.54.82.222']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:41:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fd60-2eb8-497f-b84e-45fd950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:41:52.000Z",
|
|
|
|
"modified": "2014-11-24T09:41:52.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '74.54.82.228']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:41:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fd60-4424-4578-8699-4ea1950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:41:52.000Z",
|
|
|
|
"modified": "2014-11-24T09:41:52.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '8.5.1.34']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:41:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fd61-8414-43cb-9471-4078950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:41:53.000Z",
|
|
|
|
"modified": "2014-11-24T09:41:53.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.121.137.201']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:41:53Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5472fd61-b060-4656-acfd-4bfc950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2014-11-24T09:41:53.000Z",
|
|
|
|
"modified": "2014-11-24T09:41:53.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.121.142.185']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2014-11-24T09:41:53Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56c6477b-007c-4e17-a62d-5f51950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-02-18T22:36:43.000Z",
|
|
|
|
"modified": "2016-02-18T22:36:43.000Z",
|
|
|
|
"description": "Automatically added (via b8ac16701c3c15b103e61b5a317692bc)",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'a4226714f346c7844a9183e01961e7609d6fa241']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-02-18T22:36:43Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56c6477e-2e9c-48f9-b7e0-4efd950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-02-18T22:36:46.000Z",
|
|
|
|
"modified": "2016-02-18T22:36:46.000Z",
|
|
|
|
"description": "Automatically added (via 83b7c532663f11bf994a1b518880557d)",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'c923e15718926bb4a80a29017d5b35bb841bd246']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-02-18T22:36:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56c6477c-76e4-41d3-94d3-4359950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-02-18T22:36:44.000Z",
|
|
|
|
"modified": "2016-02-18T22:36:44.000Z",
|
|
|
|
"description": "Automatically added (via b8ac16701c3c15b103e61b5a317692bc)",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '7d1e5c4afb1682087d86e793b3fc5a8371dc7c28e27e7196e3b258934f6bafb5']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-02-18T22:36:44Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56c6477e-2954-44eb-86de-c650950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-02-18T22:36:46.000Z",
|
|
|
|
"modified": "2016-02-18T22:36:46.000Z",
|
|
|
|
"description": "Automatically added (via 83b7c532663f11bf994a1b518880557d)",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '5b54508b69a6d8a7630f9f6b627cba6dc80320f2f762a2cc8ba4dd4519ef500a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-02-18T22:36:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56c6477f-4d88-4015-b26e-c651950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-02-18T22:36:47.000Z",
|
|
|
|
"modified": "2016-02-18T22:36:47.000Z",
|
|
|
|
"description": "Automatically added (via c40e3ee23cf95d992b7cd0b7c01b8599)",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'c6a182f410b4cda0665cd792f00177c56338018fbc31bb34e41b72f8195c20cc']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-02-18T22:36:47Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--56c64780-c934-4188-90fe-59a2950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2016-02-18T22:36:48.000Z",
|
|
|
|
"modified": "2016-02-18T22:36:48.000Z",
|
|
|
|
"description": "Automatically added (via 3bbb59afdf9bda4ffdc644d9d51c53e7)",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'be14d781b85125a6074724964622ab05f89f41e6bacbda398bc7709d1d98a2ef']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-02-18T22:36:48Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "marking-definition",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
|
|
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
|
|
"definition_type": "tlp",
|
|
|
|
"name": "TLP:GREEN",
|
|
|
|
"definition": {
|
|
|
|
"tlp": "green"
|
|
|
|
}
|
|
|
|
}
|
2023-04-21 13:25:09 +00:00
|
|
|
]
|
|
|
|
}
|