adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/56e029d7-6afc-4654-a6a7-40bb950d210f.json

869 lines
212 KiB
JSON
Raw Normal View History

chg: [feed] added
2023-04-21 13:25:09 +00:00
{
chg: [feed] feed updated
2023-06-14 17:31:25 +00:00
"type": "bundle",
"id": "bundle--56e029d7-6afc-4654-a6a7-40bb950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T13:55:54.000Z",
"modified": "2016-03-09T13:55:54.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--56e029d7-6afc-4654-a6a7-40bb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T13:55:54.000Z",
"modified": "2016-03-09T13:55:54.000Z",
"name": "Dridex (2016-03-09) - botnet 220",
"published": "2016-03-09T13:59:09Z",
"object_refs": [
"indicator--56e029e9-746c-4e34-a4e7-4eb2950d210f",
"indicator--56e029e9-9a5c-486c-b687-46b2950d210f",
"indicator--56e029ea-42a4-45a2-b700-4c11950d210f",
"indicator--56e02a1d-b0ac-4870-b1ef-4592950d210f",
"indicator--56e02a1d-e2fc-4431-8481-4560950d210f",
"indicator--56e02a1d-f66c-4831-84c7-4c67950d210f",
"indicator--56e02a1d-8408-4fda-9a7d-48cb950d210f",
"indicator--56e02a46-b524-4200-9110-42b2950d210f",
"indicator--56e02a47-3848-44c4-8877-4776950d210f",
"indicator--56e02a47-c5f8-48ca-b96c-48c9950d210f",
"indicator--56e02a47-eb60-4e66-9a38-475e950d210f",
"indicator--56e02a48-6db0-4c53-894a-4546950d210f",
"indicator--56e02a48-7ca8-4a6e-846c-49e0950d210f",
"indicator--56e02a48-0e24-4866-a349-4537950d210f",
"indicator--56e02a49-cd2c-4079-994c-4af1950d210f",
"indicator--56e02a49-523c-481a-9835-474c950d210f",
"indicator--56e02a49-ea18-4111-b2b3-4708950d210f",
"indicator--56e02a4a-9c70-497b-b5ce-482b950d210f",
"indicator--56e02a4a-5144-4008-85e4-47af950d210f",
"indicator--56e02a4a-6918-4f9c-b696-4088950d210f",
"indicator--56e02a4b-826c-4ac3-9a92-4285950d210f",
"indicator--56e02a4b-9294-4feb-a69b-4877950d210f",
"indicator--56e02aae-fe28-40f6-9ace-4946950d210f",
"indicator--56e02aaf-ba40-4996-9fe8-4292950d210f",
"indicator--56e02aaf-bef0-4ca4-be27-4e4e950d210f",
"indicator--56e02aaf-6c24-4f01-bdeb-47e9950d210f",
"indicator--56e02ab0-bf50-487d-99ab-4d65950d210f",
"indicator--56e02ab0-70c4-4631-909d-4049950d210f",
"indicator--56e02ab0-1b24-4daf-9edd-46d8950d210f",
"indicator--56e02ab1-4f7c-4697-bc44-492a950d210f",
"indicator--56e02ab1-1ea4-440a-a135-4ec7950d210f",
"indicator--56e02ab1-f30c-4d60-8f94-4da3950d210f",
"observed-data--56e02b6a-9928-4e41-b5de-440d02de0b81",
"url--56e02b6a-9928-4e41-b5de-440d02de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"circl:incident-classification=\"malware\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e029e9-746c-4e34-a4e7-4eb2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T13:49:29.000Z",
"modified": "2016-03-09T13:49:29.000Z",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAC9uaUi746IvKQ4CAB9zAgAgABwAYjFkYWU4MjhlMzk4ODQxODA3YTE4YzRjMWY3MjU1ZTJVVAkAA+kp4FbpKeBWdXgLAAEEIQAAAAQhAAAAW5uiQhrniz0BTP4luOLQbSEPcwhlyFJiBZPisCky8zXG2SYS1ZyVUODNTacb/8MXiizJ4191W5po7VnvS8xK4ObxSc/hXANy1Jw1CR5akYxtAiJDl1ganRleNQGuoUXA+jPB00TJQd7Jw2l+Dtya0Yjw3dqWDekPZRq3ZocFqqvhBnsfDDjlpF7eT20mPiIEO+/W0nokwRtCKQ/JqvhmNolE1tGEySxo1ESxJNdpq4tIRTZGpw8u5CNo8x/VE++D1PRFUInbNmDQHLJP/BU6XmR/164h1k/Tmcv/vJXERf5uXYhp0/8sXwUhWaacu806VOzV+c2YsTMyPov2YMtTfYxo/S7LovFROTwSi9DHD8+FaFfpp1dBkyEw7HSH0B9GKq9XlgASNpoRfrZaDwjVsOPPVw3oQj+TRcF2k+WA36GWJiwnhzUibJSa+sxlCKUVq8KxVXkz/VtEHp0fcOPIzxA8ptX6tfAlEtxzMu2KZURWkyq8NVhpD3WDJ6LcQv6X7PHU+bYFPwGs1UgRmt6J/Oh+v1GXevXd7M2hj9DpkOsHREn10lLu5REw6YoEWuARlNKp2I/TL6ywolrRKU7XzUGmhlJRtcllmr9pM0bloHj4PrqRJqS9VhCFY3ykF90nazTi2S7uAiNP47WG8bPNU8JZdzQ7odX2IyOHntAhkvNdyiPBNrkYyL7FXvMF3V6Kyy80ebhXpxSyT+EgvSMvPQiSHR+YO5821h9gA0zHPc6sWhcQoGtI0h9lOwm5oXfvdR0tFbFI5N+uotIIyhXeAy2x78CHJUYTcfClzOekn3lTpu4obi8fMK7FdvfhXsCi5uvOtc90Jb2/E7up/hTLfrH5qjOJt5wJOSTsSycx1v6t1j4FL6OWcX6ScH+5A48JmZJJiZ5AiqDyY+B+pyT6slPPH2zYJl34DX4KDoDGgtsbvtM8/I3woVp89j9tyF74hSNKCF4Vu4D+KBqoASwjG9220CyeLnXtTWGVc/ay8QQls1hKPyg+a6Y9fhV8ttUrcX1gNmSLtwKnIdTgJT1CW3lJs9u5LYcl4L/qdzHS9yXlPtQhEocOFt/aRU2FXljfPBXfDzhVCYV4WF0JuL+kHTZ5gGByNpy6fPcumgKX7N6w6XzqkFkwDLYTJE2q7EiGKsjLg2ZAV3pQAxspwjm2rHk503JoeBdkBwamdTifYdiXbxkzxV0c43zIHM9E85aRF0negNv6b1AvJ+ALuo9xuL6VQpEvIbk2JjdfR8kdS6Cq938EI+ehcAL6SX3yeMTv+grYnucGNp7htv4SMHKeCBi0rW/iDft63/SA1qHJTQfdBBNDMe9tiBQ/lvfkII3yVwHFABJCc3KI/Pn+05es6CEQz0Jm97R9k6Xzb8LUFOVpxQnX+hODeNC1sQvfpK2VbnIFYUEgL3WFfMRvJ4BdFnVz8sXI+wC0RtxlW0nMmfwUHmIb+yS5tZN5p7aoTA+VTvPZzOut6F8CVEf9jVsTW+SNh/3vTJoCKCPI6x0ev56d175CQSiF/wDr2a9dMAvu6Gf0KAXDRsK8IhIHlJKtpnOiy3EsLpCch4oURtQLXeXS/kSbWAd934jTbykat9c7K105biMIJ3DUwvgVW0qSaBGir97409f4Iukq4u6LyjiGGN6vItGP8WQAy4KGKUitZsxwWlLB77fhRUEssUtXVI3/pay/2sj+d77+4Ag3ZTwf0kvVFwP5K8mViiiEk0Ejpa87jEb5qvMWUx9ZqHV/nENNNOgNWzyQXUypCEa9JU5qAdjTsM00tBqjmsYLYgQg6olB0rb/a9opclO2llIIs1jb6pBmi7TtZyHqYm1b9jZ2Oqmd5Hdi8IygRWyqPLVQgrY67pMXbjdMULqoYZ/qt7YG8qnRbzBUj/DXaym/WICRjQ96jDB4z8iST9ammRERPDnLuM1wzfeZFwOuJF5YT/i8G1GnOWkfB4nHvCWaSx+ZhIKyxrHAsucPT4zrHwUF7/lKHt8Ce+Zqzy+G+BoHDp8QJ2FdaIV473RkNlLXNDkKAHLpca9mbg8E7rwtl1wSxd6P5GZxFGLICZk7BVh+61Ftd3ZnNL31bgnXkZsO2GcQFgm5KT1u0zc4vTa7De5nOyvypLhrJFAf15jfQJIxd75jgqidvA2ET/ow9iLfAELy9ZhOf3DK1VTwrmDt/A0yP4gTyLEDYaj01vK+lUsKYfQCEWu/2FOHoKIknb69Q7ofshD65YKbU8wtNIUuFMsUEbryrF3Q4J3zh2fEZdGHqomi8fvr8AzEIat8HXrcUSiE3C05bWlM4GNrLoKvG5zrVn/RkrYvAstvH3fRDPNsC71pXW4yqFPmLMVZG4pUoxWr1TJUnucgt65lkTjd7C+z0DXb4V+ZCVMPf/FhaFEtfXR+1r64cVQ9Q3oP0Nca5Ar8CuzRd2c4GeDYbGh/r2ZC6J6fZR1NQeIZx6kXnS8cR6TBiwXb/ou8ewWhfXt3teBW2y6q4mCkI/6MQSGclAmjoF+m4xEoK8uVRFA9TiLBhxi4DFxCAnJZhPURyPuimIxv5tAcpRhaNIWtCz73ElRqwjZz7b5H58+ywx4+ChVj0/mzonepsaSJSioAoyrBz3/j/TyAxNhDM9sgpLSnWoZObdlQwHKi6ZVDmvhUxPvm7tgYptrghocb8OxpLKoO6fVkRDjFlMn+HuNCcavuvn/cUuUJUe1DKUy7e35fAquXmZv73hfGWoPmi7qX6RgGuBu9Wi/S0jsgmCRSvm+8Kg63fdloP/hjXtiIqWUcN8MzTreB3ZlkyRGoy9sf/KI2tOzqd8Kd1yoTxRhYZGH5/T1ZUK8uZWSHZg3pSw3nkQF3Ackp/5q+DR27rCmKBEbatU/tnAR5G2hWYeOOZCgnc/8+pNiyUkktYw0gEBbQD76vhH4DJ5aw1Pj8XFY2D96aD1hr0zvEo2XhSvs9vD/B3Tu1Ju2rq5IqpKTm9Ax0kRSE1cEdKoBFU3y5nny9vuHsNMCW121JEDl3XZ89OkaTRPLhfa7bS5jWiiPbRV2s085ma2L6OICRFc7Vcvj0cMs4W1gqwSEVOdw9QDUFGwNq9yaCcpQRu5tUbOVIP3uzTNAZ49VDiza3WCOnEatK4rdfz0eIbN7sutgNwMbrjD/9PItRXeyq5KZyyPyl68/em3v1x8z/ThS/91HIr1W4hzQ0vJ1aBRCDgeBT9e3E2oa7OFqY7HXh4Whes4P8EqjkpoekUpiIUgW9P+ZCErSPi/E2yLr7j4p7VoXNctq4/E/TJVswMhJArMdxKf8+rMhYRb8uNzNtf3OrHwVLGZcKyGSOVAJ2RMeAVQGUl48PBAx3D5vjZsV918MUK0zfY9uU6upOxl21yeziPGA1oVZmpdBBf0aNEq4quwfURstO3Q7+rHJxOoyGiSwjQcXEHguyWJ0agrZeQWeBaq8H2pdinG4ovBsSCvFnAkkLM90ePLhKyvkUrwgEky/sn+8Az+oZyO7pm/VYw5sFQLdrcJVmx3X/3a+GnV77nJDKdVV3lSRR0hZ2O0qACaovU1l1DD2fv6xf6qBAMV2+heiSEqbCMatp5905a0f4wurqJluQbSVRk4GpC0ibnTlg16ytLgzKjkA4IN82YrJ/k4/juEzxCERnw4uja1VkDwIBx0jjYrfEVjLDFOKuL/F+nK0Muvf8H3nmYR2g5ZVHpJKASxXNzCC7K5nJpeenJX1tAAr8UwkARlJaVgjHK7Isx6l6sI98R7YsMNXG+5hCFPWAB6OnFNMro7HjIwp+Ev4v40JAnSRjMtJmkY4p9YRsHSXir45TmUVZI/OTSWh52+XHKn9AN0w1ZqIZ33bocCBXZEYrWP4WmERUeLUdczl+zMfA9AmjNfJOJm2D+fjFllfaGvMTZHgR8yWJfwo3yE/Y3d0k08ISI8MYDSj7MzeqwHillL
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T13:49:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e029e9-9a5c-486c-b687-46b2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T13:49:29.000Z",
"modified": "2016-03-09T13:49:29.000Z",
"pattern": "[file:name = '07yhnt7r64.exe' AND file:hashes.SHA1 = '1bd28ec121f413fdf201d5da461845d6eab8be81']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T13:49:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e029ea-42a4-45a2-b700-4c11950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T13:49:30.000Z",
"modified": "2016-03-09T13:49:30.000Z",
"pattern": "[file:name = '07yhnt7r64.exe' AND file:hashes.SHA256 = 'f47ba1f8115d137fd6b3a46af6dadfa151b61e14126bfb0f49c467b11c388347']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T13:49:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e02a1d-b0ac-4870-b1ef-4592950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T13:50:21.000Z",
"modified": "2016-03-09T13:50:21.000Z",
"description": "On port 4243 (initial connect)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.76.19.251']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T13:50:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e02a1d-e2fc-4431-8481-4560950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T13:50:21.000Z",
"modified": "2016-03-09T13:50:21.000Z",
"description": "On port 643 (initial connect)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.40.224.78']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T13:50:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e02a1d-f66c-4831-84c7-4c67950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T13:50:21.000Z",
"modified": "2016-03-09T13:50:21.000Z",
"description": "On port 643 (initial connect)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '87.106.8.177']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T13:50:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e02a1d-8408-4fda-9a7d-48cb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T13:50:21.000Z",
"modified": "2016-03-09T13:50:21.000Z",
"description": "On port 4243 (initial connect)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.236.4.234']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T13:50:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e02a46-b524-4200-9110-42b2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T13:51:02.000Z",
"modified": "2016-03-09T13:51:02.000Z",
"description": "On port 443 (C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.23.154.184']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T13:51:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e02a47-3848-44c4-8877-4776950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T13:51:03.000Z",
"modified": "2016-03-09T13:51:03.000Z",
"description": "On port 443 (C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '41.38.18.230']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T13:51:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e02a47-c5f8-48ca-b96c-48c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T13:51:03.000Z",
"modified": "2016-03-09T13:51:03.000Z",
"description": "On port 443 (C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '181.177.231.245']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T13:51:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e02a47-eb60-4e66-9a38-475e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T13:51:03.000Z",
"modified": "2016-03-09T13:51:03.000Z",
"description": "On port 443 (C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.22.128.133']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T13:51:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e02a48-6db0-4c53-894a-4546950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T13:51:04.000Z",
"modified": "2016-03-09T13:51:04.000Z",
"description": "On port 444 (C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.109.133.248']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T13:51:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e02a48-7ca8-4a6e-846c-49e0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T13:51:04.000Z",
"modified": "2016-03-09T13:51:04.000Z",
"description": "On port 443 (C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.126.59.41']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T13:51:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e02a48-0e24-4866-a349-4537950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T13:51:04.000Z",
"modified": "2016-03-09T13:51:04.000Z",
"description": "On port 443 (C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.126.116.26']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T13:51:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e02a49-cd2c-4079-994c-4af1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T13:51:05.000Z",
"modified": "2016-03-09T13:51:05.000Z",
"description": "On port 443 (C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '82.144.200.154']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T13:51:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e02a49-523c-481a-9835-474c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T13:51:05.000Z",
"modified": "2016-03-09T13:51:05.000Z",
"description": "On port 443 (C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '151.100.23.95']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T13:51:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e02a49-ea18-4111-b2b3-4708950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T13:51:05.000Z",
"modified": "2016-03-09T13:51:05.000Z",
"description": "On port 443 (C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '159.8.57.10']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T13:51:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e02a4a-9c70-497b-b5ce-482b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T13:51:06.000Z",
"modified": "2016-03-09T13:51:06.000Z",
"description": "On port 444 (C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.9.37.137']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T13:51:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e02a4a-5144-4008-85e4-47af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T13:51:06.000Z",
"modified": "2016-03-09T13:51:06.000Z",
"description": "On port 443 (C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.53.0.103']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T13:51:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e02a4a-6918-4f9c-b696-4088950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T13:51:06.000Z",
"modified": "2016-03-09T13:51:06.000Z",
"description": "On port 443 (C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '41.86.46.245']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T13:51:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e02a4b-826c-4ac3-9a92-4285950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T13:51:07.000Z",
"modified": "2016-03-09T13:51:07.000Z",
"description": "On port 444 (C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.9.43.177']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T13:51:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e02a4b-9294-4feb-a69b-4877950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T13:51:07.000Z",
"modified": "2016-03-09T13:51:07.000Z",
"description": "On port 443 (C&C)",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '93.104.211.103']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T13:51:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e02aae-fe28-40f6-9ace-4946950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T13:52:46.000Z",
"modified": "2016-03-09T13:52:46.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '120.63.175.225']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T13:52:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e02aaf-ba40-4996-9fe8-4292950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T13:52:47.000Z",
"modified": "2016-03-09T13:52:47.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.83.45.96']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T13:52:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e02aaf-bef0-4ca4-be27-4e4e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T13:52:47.000Z",
"modified": "2016-03-09T13:52:47.000Z",
"description": "On port 443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.132.31.203']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T13:52:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e02aaf-6c24-4f01-bdeb-47e9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T13:52:47.000Z",
"modified": "2016-03-09T13:52:47.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'https://203.114.112.99:4113/offtimes']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T13:52:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e02ab0-bf50-487d-99ab-4d65950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T13:52:48.000Z",
"modified": "2016-03-09T13:52:48.000Z",
"description": "On port 4113",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '203.114.112.99']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T13:52:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e02ab0-70c4-4631-909d-4049950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T13:52:48.000Z",
"modified": "2016-03-09T13:52:48.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'https://smartcards.host/qk8CwEpwJ9UrKC']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T13:52:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e02ab0-1b24-4daf-9edd-46d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T13:52:48.000Z",
"modified": "2016-03-09T13:52:48.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'https://smartcards.host/qk8CwEpwJ9UrKC?reader=$READER$&atr=$ATR$']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T13:52:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e02ab1-4f7c-4697-bc44-492a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T13:52:49.000Z",
"modified": "2016-03-09T13:52:49.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'https://159.8.57.10/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T13:52:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e02ab1-1ea4-440a-a135-4ec7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T13:52:49.000Z",
"modified": "2016-03-09T13:52:49.000Z",
"description": "Imported via the freetext import.",
"pattern": "[url:value = 'smartcards.host']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T13:52:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--56e02ab1-f30c-4d60-8f94-4da3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T13:52:49.000Z",
"modified": "2016-03-09T13:52:49.000Z",
"description": "Imported via the freetext import.",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '50.63.202.45']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-03-09T13:52:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--56e02b6a-9928-4e41-b5de-440d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-03-09T13:55:54.000Z",
"modified": "2016-03-09T13:55:54.000Z",
"first_observed": "2016-03-09T13:55:54Z",
"last_observed": "2016-03-09T13:55:54Z",
"number_observed": 1,
"object_refs": [
"url--56e02b6a-9928-4e41-b5de-440d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--56e02b6a-9928-4e41-b5de-440d02de0b81",
"value": "https://www.virustotal.com/file/f47ba1f8115d137fd6b3a46af6dadfa151b61e14126bfb0f49c467b11c388347/analysis/1457528804/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
]
}
Reference in a new issue Copy permalink