{
"type": "bundle",
|
|
|
|
"id": "bundle--571f489a-26e4-403c-948f-4aff950d210f",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:23:49.000Z",
|
|
|
|
"modified": "2016-04-26T11:23:49.000Z",
|
|
|
|
"name": "CIRCL",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--571f489a-26e4-403c-948f-4aff950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:23:49.000Z",
|
|
|
|
"modified": "2016-04-26T11:23:49.000Z",
|
|
|
|
"name": "Malspam (2016-04-26) - Dridex botnet 122",
|
|
|
|
"published": "2016-04-26T11:24:23Z",
|
|
|
|
"object_refs": [
|
|
|
|
"indicator--571f48c9-82c8-4e59-ad03-4fb4950d210f",
|
|
|
|
"indicator--571f48ca-b0f0-4da2-8360-49b8950d210f",
|
|
|
|
"indicator--571f48cb-32d8-45ae-8a13-486f950d210f",
|
|
|
|
"indicator--571f48cc-6180-4613-a9a5-4e64950d210f",
|
|
|
|
"indicator--571f48cc-7828-438d-b543-4f99950d210f",
|
|
|
|
"indicator--571f48cd-7e94-4a6c-8aab-4833950d210f",
|
|
|
|
"indicator--571f48ce-dbc8-46e4-bf2a-474a950d210f",
|
|
|
|
"indicator--571f48cf-d93c-4bce-be81-4db9950d210f",
|
|
|
|
"indicator--571f48d0-86f8-4da7-b5a4-43d0950d210f",
|
|
|
|
"indicator--571f48d0-ede0-45a0-8ebc-43a4950d210f",
|
|
|
|
"indicator--571f48d1-3978-495c-acea-4a78950d210f",
|
|
|
|
"indicator--571f48d2-7f74-4894-89bd-4489950d210f",
|
|
|
|
"indicator--571f48d3-31ac-447b-aae1-4be6950d210f",
|
|
|
|
"indicator--571f48d3-2d10-4973-8c8d-4d6d950d210f",
|
|
|
|
"indicator--571f48d4-5060-4117-a21b-4a61950d210f",
|
|
|
|
"indicator--571f48d5-8b70-4ffd-8738-475a950d210f",
|
|
|
|
"indicator--571f48d6-d730-47bf-9ce3-4b5f950d210f",
|
|
|
|
"indicator--571f48d7-caf4-4bb0-97ab-4fed950d210f",
|
|
|
|
"indicator--571f48d7-f0f4-4eb9-9cf5-4d0f950d210f",
|
|
|
|
"indicator--571f48d8-d130-4537-9e97-4958950d210f",
|
|
|
|
"indicator--571f48d9-8a74-41f1-8901-497f950d210f",
|
|
|
|
"indicator--571f48da-3890-4c87-acc0-450e950d210f",
|
|
|
|
"indicator--571f48da-74a0-429f-a529-4123950d210f",
|
|
|
|
"indicator--571f48db-e454-43d6-ac82-4f84950d210f",
|
|
|
|
"indicator--571f48dc-f60c-4d13-9860-4649950d210f",
|
|
|
|
"indicator--571f48dd-bcf4-43b6-958e-41ca950d210f",
|
|
|
|
"indicator--571f48de-0bb0-4a46-a48e-47ed950d210f",
|
|
|
|
"indicator--571f48de-e3f8-462e-a0c8-40d8950d210f",
|
|
|
|
"indicator--571f48df-1718-4a1b-9e39-433c950d210f",
|
|
|
|
"indicator--571f48e0-d828-4a4e-8328-458d950d210f",
|
|
|
|
"indicator--571f48e1-7220-43a6-9f75-406d950d210f",
|
|
|
|
"indicator--571f48e2-c96c-4386-b366-472c950d210f",
|
|
|
|
"indicator--571f48e2-dcc8-4db3-83cc-4ff1950d210f",
|
|
|
|
"indicator--571f490f-f884-4ef7-acb0-427c950d210f",
|
|
|
|
"indicator--571f4910-d6a0-499b-84d7-4c85950d210f",
|
|
|
|
"indicator--571f4910-3b68-4294-9711-4d32950d210f",
|
|
|
|
"indicator--571f49af-ed24-4a75-9883-41a6950d210f",
|
|
|
|
"indicator--571f4a6f-b3a4-4f74-8e62-4727950d210f",
|
|
|
|
"indicator--571f4a70-b6ac-4124-af32-47c6950d210f",
|
|
|
|
"indicator--571f4a71-ea38-4968-a339-4b40950d210f",
|
|
|
|
"indicator--571f4bdf-93a8-495c-b631-4cc4950d210f",
|
|
|
|
"indicator--571f4bdf-bfb4-4cc5-b3ae-4cfb950d210f",
|
|
|
|
"indicator--571f4be0-c364-44ca-9415-4319950d210f",
|
|
|
|
"indicator--571f4be0-6488-473d-88d2-4e66950d210f",
|
|
|
|
"observed-data--571f4c48-5b74-41a5-9615-4ac8950d210f",
|
|
|
|
"email-message--571f4c48-5b74-41a5-9615-4ac8950d210f",
|
|
|
|
"indicator--571f4d46-18a0-42e6-9205-4181950d210f",
|
|
|
|
"indicator--571f4d46-1a50-403d-833b-4ed0950d210f",
|
|
|
|
"indicator--571f4d47-8c2c-47e3-be2a-4a00950d210f",
|
|
|
|
"indicator--571f4d47-9940-4638-91d4-4f92950d210f",
|
|
|
|
"indicator--571f4d47-1494-435f-b2d8-41d4950d210f",
|
|
|
|
"indicator--571f4d48-8b98-4ed4-9847-4e03950d210f",
|
|
|
|
"indicator--571f4d48-db9c-43a5-b540-4834950d210f",
|
|
|
|
"indicator--571f4d49-fe50-435a-8840-4bcc950d210f",
|
|
|
|
"indicator--571f4d49-4ab0-489e-8afd-46d6950d210f",
|
|
|
|
"indicator--571f4d49-0ef8-4d91-88df-481a950d210f",
|
|
|
|
"indicator--571f4d4a-efc0-4705-a624-4e27950d210f",
|
|
|
|
"indicator--571f4d4a-dc4c-46ad-953e-4d9b950d210f",
|
|
|
|
"indicator--571f4d4b-3d24-4bc4-8edb-4fb7950d210f",
|
|
|
|
"indicator--571f4d4b-462c-4458-a9b1-40be950d210f",
|
|
|
|
"indicator--571f4d4b-24e4-4b6d-89f6-47ed950d210f",
|
|
|
|
"indicator--571f4d4c-196c-493a-b1cf-4173950d210f",
|
|
|
|
"indicator--571f4d4c-9624-4324-884a-455c950d210f",
|
|
|
|
"indicator--571f4d4c-8ff0-42bb-95dd-448b950d210f",
|
|
|
|
"indicator--571f4d4d-48e4-4823-b1d2-47e5950d210f",
|
|
|
|
"indicator--571f4d4d-f56c-4fe3-8f18-4362950d210f",
|
|
|
|
"indicator--571f4d4e-7c28-4c26-a523-4315950d210f",
|
|
|
|
"indicator--571f4d4e-5f9c-45b9-aea4-4727950d210f",
|
|
|
|
"indicator--571f4d4e-6cf0-4ee7-b563-46fa950d210f",
|
|
|
|
"indicator--571f4d4f-c2a4-48d1-a6ba-424a950d210f",
|
|
|
|
"indicator--571f4d4f-fb5c-4c33-8959-4166950d210f",
|
|
|
|
"indicator--571f4d4f-8188-45bd-a79e-4506950d210f",
|
|
|
|
"indicator--571f4d50-3ff0-4cbd-b7d3-4bb6950d210f",
|
|
|
|
"indicator--571f4d50-42c0-4ab5-8e40-470e950d210f",
|
|
|
|
"indicator--571f4d51-f068-4efe-a515-40d5950d210f",
|
|
|
|
"indicator--571f4d51-488c-40ec-8982-4f38950d210f",
|
|
|
|
"indicator--571f4d51-50b8-4c48-8c94-4517950d210f",
|
|
|
|
"indicator--571f4d52-8d90-477f-836f-45f2950d210f",
|
|
|
|
"indicator--571f4d52-46c8-4efe-b516-478e950d210f",
|
|
|
|
"indicator--571f4d52-13c4-438e-90d1-4602950d210f",
|
|
|
|
"indicator--571f4d53-a428-4789-8a87-4961950d210f",
|
|
|
|
"indicator--571f4d53-6ec8-4694-8dd8-43a8950d210f",
|
|
|
|
"indicator--571f4d54-892c-4699-bb61-4e76950d210f",
|
|
|
|
"indicator--571f4d54-89e4-4fa9-a59c-4928950d210f",
|
|
|
|
"indicator--571f4d54-f6f8-4384-8a88-46cd950d210f",
|
|
|
|
"indicator--571f4d55-02cc-4b25-9209-457e950d210f",
|
|
|
|
"indicator--571f4d55-d81c-41a1-ac47-44ff950d210f",
|
|
|
|
"indicator--571f4d56-be18-4e13-9356-41f0950d210f",
|
|
|
|
"indicator--571f4d56-f414-4533-9005-4177950d210f",
|
|
|
|
"indicator--571f4d56-56cc-4c2f-8443-4ae8950d210f",
|
|
|
|
"indicator--571f4d57-53ec-4b8d-a009-42d0950d210f",
|
|
|
|
"indicator--571f4d57-7f60-4e53-8cd6-425e950d210f",
|
|
|
|
"indicator--571f4d57-8cf8-41f2-9614-425b950d210f",
|
|
|
|
"indicator--571f4d58-93b8-4ed9-828f-4bad950d210f",
|
|
|
|
"indicator--571f4d58-958c-48fe-880e-4cdf950d210f",
|
|
|
|
"indicator--571f4d58-78d8-42e1-927c-4997950d210f",
|
|
|
|
"indicator--571f4d59-1c58-4534-a146-418b950d210f",
|
|
|
|
"indicator--571f4d59-42dc-4bcb-95ed-4eaf950d210f",
|
|
|
|
"indicator--571f4d59-a27c-48bb-abd0-4cc4950d210f",
|
|
|
|
"indicator--571f4d5a-7c20-4763-82e2-407e950d210f",
|
|
|
|
"indicator--571f4d5a-7804-4410-a23b-4711950d210f",
|
|
|
|
"indicator--571f4d5b-dfe4-45c3-9b27-4935950d210f",
|
|
|
|
"indicator--571f4d5b-8bf8-4aa3-a0b7-4d30950d210f",
|
|
|
|
"indicator--571f4d5b-32e0-4b6c-928c-47d4950d210f",
|
|
|
|
"indicator--571f4d5c-6318-4c0b-b7e4-4b38950d210f",
|
|
|
|
"indicator--571f4d5c-6f7c-4c34-a6a4-428a950d210f",
|
|
|
|
"indicator--571f4d5c-cb34-4c76-8708-4ce9950d210f",
|
|
|
|
"indicator--571f4d5d-fb38-490f-873e-4efd950d210f",
|
|
|
|
"indicator--571f4d5d-5f7c-4d82-b7d7-4d0d950d210f",
|
|
|
|
"indicator--571f4d5d-b490-4109-bd76-4425950d210f",
|
|
|
|
"indicator--571f4d5e-b5a0-4a8c-81b1-433e950d210f",
|
|
|
|
"indicator--571f4d5e-8860-4c2d-a348-47ff950d210f",
|
|
|
|
"indicator--571f4d5f-54c0-4565-8a47-45fe950d210f",
|
|
|
|
"indicator--571f4d5f-095c-440c-bb83-47b4950d210f",
|
|
|
|
"indicator--571f4d60-1a24-481f-be92-4d45950d210f",
|
|
|
|
"indicator--571f4d60-6a54-442b-8408-4379950d210f",
|
|
|
|
"indicator--571f4d60-9bf0-4d80-a091-4bdc950d210f",
|
|
|
|
"indicator--571f4d61-0b0c-4234-91ea-4ae3950d210f",
|
|
|
|
"indicator--571f4d61-9998-4a72-ad29-4235950d210f",
|
|
|
|
"indicator--571f4d61-88b0-484c-9c41-48ee950d210f",
|
|
|
|
"indicator--571f4d62-bfe8-4a10-849f-410b950d210f",
|
|
|
|
"indicator--571f4d62-3968-4892-aa54-49c6950d210f",
|
|
|
|
"indicator--571f4d62-3ac4-4ed8-b2c0-4f19950d210f",
|
|
|
|
"indicator--571f4d63-a2fc-4967-bb14-4bb4950d210f",
|
|
|
|
"indicator--571f4d63-7380-4d38-9aed-457a950d210f",
|
|
|
|
"indicator--571f4d63-e98c-4c65-9fc1-4ee5950d210f",
|
|
|
|
"indicator--571f4d64-6b04-4f75-b87c-4654950d210f",
|
|
|
|
"indicator--571f4d64-dadc-401b-9570-475b950d210f",
|
|
|
|
"indicator--571f4d65-a364-460c-82a9-413f950d210f",
|
|
|
|
"indicator--571f4d65-a68c-428b-9ce9-4f4b950d210f",
|
|
|
|
"indicator--571f4d65-238c-44aa-ac84-48b1950d210f",
|
|
|
|
"indicator--571f4d66-9fe0-42a9-bce3-4294950d210f",
|
|
|
|
"indicator--571f4d66-06b8-408a-a96d-42e5950d210f",
|
|
|
|
"indicator--571f4d66-2f20-4c87-a69d-4225950d210f",
|
|
|
|
"indicator--571f4d67-ca5c-4149-9cff-4581950d210f",
|
|
|
|
"indicator--571f4d67-ab7c-4d26-bd2c-4fdf950d210f",
|
|
|
|
"indicator--571f4d67-770c-4d3d-9b98-4b14950d210f",
|
|
|
|
"indicator--571f4d68-9c44-440d-892d-43c5950d210f",
|
|
|
|
"indicator--571f4d68-4f80-4468-9286-4c56950d210f",
|
|
|
|
"indicator--571f4d68-d054-4e70-b2c2-427f950d210f",
|
|
|
|
"indicator--571f4d69-1074-4f34-84bb-4181950d210f",
|
|
|
|
"indicator--571f4d69-bbd4-4cb7-bfe0-41f1950d210f",
|
|
|
|
"indicator--571f4d6a-3380-4d17-bd68-4bdd950d210f",
|
|
|
|
"indicator--571f4d6a-7ee4-4b2e-b34a-447e950d210f",
|
|
|
|
"indicator--571f4d6a-d22c-4a46-910c-4c3f950d210f",
|
|
|
|
"indicator--571f4d6b-69d8-4ce8-99f1-4572950d210f",
|
|
|
|
"indicator--571f4d6b-4358-44cb-a3e6-4fb4950d210f",
|
|
|
|
"indicator--571f4d6b-ab9c-43c6-b7b3-4ef7950d210f",
|
|
|
|
"indicator--571f4d6c-5610-41ec-872a-4bdd950d210f",
|
|
|
|
"indicator--571f4d6c-9448-4916-90c3-4e17950d210f",
|
|
|
|
"indicator--571f4d6d-9a54-47b3-857f-4fe2950d210f",
|
|
|
|
"indicator--571f4d6d-26c0-4090-8749-4c65950d210f",
|
|
|
|
"indicator--571f4d6d-19a4-4cde-8d6c-4668950d210f",
|
|
|
|
"indicator--571f4d6e-821c-4dbb-9083-4490950d210f",
|
|
|
|
"indicator--571f4d6e-2d98-402a-a667-468d950d210f",
|
|
|
|
"indicator--571f4d6e-8878-4951-ae53-4d88950d210f",
|
|
|
|
"indicator--571f4d6f-153c-4078-b61b-440f950d210f",
|
|
|
|
"indicator--571f4d6f-3bcc-4804-adaf-4700950d210f",
|
|
|
|
"indicator--571f4d70-f3e0-4fce-b93c-4d93950d210f",
|
|
|
|
"indicator--571f4d70-4f64-4e6c-9b00-4f40950d210f",
|
|
|
|
"indicator--571f4d70-d200-465e-a720-4b0b950d210f",
|
|
|
|
"indicator--571f4d71-8944-40c9-932c-4c7a950d210f",
|
|
|
|
"indicator--571f4d71-c99c-4295-ae80-4a52950d210f",
|
|
|
|
"indicator--571f4d72-dabc-4dc9-90f1-4770950d210f",
|
|
|
|
"indicator--571f4d72-95e4-4629-9ffa-4578950d210f",
|
|
|
|
"indicator--571f4d72-34c4-435c-b254-4559950d210f",
|
|
|
|
"indicator--571f4d73-21e4-496f-8bbb-4c0e950d210f",
|
|
|
|
"indicator--571f4d73-6f2c-4362-a952-4bc2950d210f",
|
|
|
|
"indicator--571f4d74-30c8-437c-88ad-4eb2950d210f",
|
|
|
|
"indicator--571f4d74-4bd8-4a6d-8a48-45bb950d210f",
|
|
|
|
"indicator--571f4d74-45d4-4375-9325-4d31950d210f",
|
|
|
|
"indicator--571f4d75-c0d0-40e6-81cc-4c75950d210f",
|
|
|
|
"indicator--571f4d75-a714-4661-be83-4216950d210f",
|
|
|
|
"indicator--571f4d75-7698-4997-b9d5-4d9f950d210f",
|
|
|
|
"indicator--571f4d76-f3ec-47cd-828d-411d950d210f",
|
|
|
|
"indicator--571f4d76-cd0c-4706-b365-4542950d210f",
|
|
|
|
"indicator--571f4d77-c0b8-4638-a71f-4e17950d210f",
|
|
|
|
"indicator--571f4d77-3db0-42f8-a36d-4f4b950d210f",
|
|
|
|
"indicator--571f4d77-2cb4-4a19-adb9-4d4d950d210f",
|
|
|
|
"indicator--571f4d78-5184-4b25-9cac-46a8950d210f",
|
|
|
|
"indicator--571f4d78-3cf4-426d-80c1-4288950d210f",
|
|
|
|
"indicator--571f4d78-75e8-41e4-9eb1-44d7950d210f",
|
|
|
|
"indicator--571f4d79-dde4-4580-96d8-4ffb950d210f",
|
|
|
|
"indicator--571f4d79-0b1c-4bcb-a99c-4433950d210f",
|
|
|
|
"indicator--571f4d7a-9f20-4ada-81bb-490b950d210f",
|
|
|
|
"indicator--571f4d7a-2e7c-466a-bd5c-4d38950d210f",
|
|
|
|
"indicator--571f4d7a-3604-403d-bd76-43f5950d210f",
|
|
|
|
"indicator--571f4d7b-c87c-4cb8-8221-4d79950d210f",
|
|
|
|
"indicator--571f4d7b-f2d8-473d-9c82-4a5c950d210f",
|
|
|
|
"indicator--571f4d7b-f9fc-4e7b-a70e-44e0950d210f",
|
|
|
|
"indicator--571f4d7c-35d4-4724-bc0c-4df7950d210f",
|
|
|
|
"indicator--571f4d7c-3944-45f6-9fa2-4c95950d210f",
|
|
|
|
"indicator--571f4d7c-9284-40ae-9af9-4db5950d210f",
|
|
|
|
"indicator--571f4d7d-0384-40d1-b3ca-421e950d210f",
|
|
|
|
"indicator--571f4d7d-b89c-4bb6-b9c8-4cc6950d210f",
|
|
|
|
"indicator--571f4d7e-1a0c-4fbc-a405-4fa9950d210f",
|
|
|
|
"indicator--571f4d7e-c5b8-4846-b4bc-477c950d210f",
|
|
|
|
"indicator--571f4d7e-8d80-4573-9f17-46c3950d210f",
|
|
|
|
"indicator--571f4d7f-0410-489c-a8ba-4ba9950d210f",
|
|
|
|
"indicator--571f4d7f-3d80-4297-a2e4-4d3b950d210f",
|
|
|
|
"indicator--571f4d80-2158-4f36-8338-421f950d210f",
|
|
|
|
"indicator--571f4d80-4744-4fab-af84-4faa950d210f",
|
|
|
|
"indicator--571f4d80-ab84-4bf6-b56c-41e5950d210f",
|
|
|
|
"indicator--571f4d81-b1e4-43e7-b5ed-4b1b950d210f",
|
|
|
|
"indicator--571f4d81-e4f8-4264-8972-4080950d210f",
|
|
|
|
"indicator--571f4d81-71d8-49d6-979d-402a950d210f",
|
|
|
|
"indicator--571f4d82-0cec-4fae-afd9-48f9950d210f",
|
|
|
|
"indicator--571f4d82-1abc-47d9-9965-4763950d210f",
|
|
|
|
"indicator--571f4d83-32d8-4a29-87e2-4554950d210f",
|
|
|
|
"indicator--571f4d83-116c-4caa-ade5-4e57950d210f",
|
|
|
|
"indicator--571f4d84-74d0-4210-b1e1-48fa950d210f",
|
|
|
|
"indicator--571f4d84-396c-4c9b-b11f-489b950d210f",
|
|
|
|
"indicator--571f4d84-185c-422d-97b2-49c2950d210f",
|
|
|
|
"indicator--571f4d85-0650-42e1-89a2-442e950d210f",
|
|
|
|
"indicator--571f4d85-136c-4f1f-b92b-4a16950d210f",
|
|
|
|
"indicator--571f4d85-a830-48c0-bac8-4bfc950d210f",
|
|
|
|
"indicator--571f4d86-0d4c-4e94-a422-4029950d210f",
|
|
|
|
"indicator--571f4d86-3588-4ce2-82b3-4aee950d210f",
|
|
|
|
"indicator--571f4d86-2940-486a-a71d-46e2950d210f",
|
|
|
|
"indicator--571f4d87-ad54-4279-b49d-40b4950d210f",
|
|
|
|
"indicator--571f4d87-48bc-4a78-ab8e-4c63950d210f",
|
|
|
|
"indicator--571f4d88-ad70-4bc3-94a8-4373950d210f",
|
|
|
|
"indicator--571f4d88-f99c-4807-8101-434d950d210f",
|
|
|
|
"indicator--571f4d88-33c4-4a9b-a8a8-44a5950d210f",
|
|
|
|
"indicator--571f4d89-61d4-43bd-b7ef-472c950d210f",
|
|
|
|
"indicator--571f4d89-4e70-43a4-a53d-46ed950d210f",
|
|
|
|
"indicator--571f4d89-a224-47b5-a79f-46a6950d210f",
|
|
|
|
"indicator--571f4d8a-2ccc-42ab-afaa-4dcd950d210f",
|
|
|
|
"indicator--571f4d8a-21b0-4a8f-8b67-4cd2950d210f",
|
|
|
|
"indicator--571f4d8b-23ec-4eac-a76f-432e950d210f",
|
|
|
|
"indicator--571f4d8b-8080-4bd2-9a9d-4e22950d210f",
|
|
|
|
"indicator--571f4d8b-c488-4c52-a373-41a1950d210f",
|
|
|
|
"indicator--571f4d8c-d308-44a9-ab07-4007950d210f",
|
|
|
|
"indicator--571f4d8c-ff24-492b-91e9-4062950d210f",
|
|
|
|
"indicator--571f4d8d-7d3c-467e-874d-433e950d210f",
|
|
|
|
"indicator--571f4d8d-1b50-4bf7-9e57-4b80950d210f",
|
|
|
|
"indicator--571f4d8d-84c8-4006-8a00-4469950d210f",
|
|
|
|
"indicator--571f4d8e-b6bc-4e1c-b46f-4c33950d210f",
|
|
|
|
"indicator--571f4d8e-e274-4975-8c06-4318950d210f",
|
|
|
|
"indicator--571f4d8f-da68-4c39-a9fd-4900950d210f",
|
|
|
|
"indicator--571f4d8f-fafc-48ac-9c3d-48cf950d210f",
|
|
|
|
"indicator--571f4d8f-e8e0-4814-a2d8-4d3a950d210f",
|
|
|
|
"indicator--571f4d90-8ba0-465c-94c0-489e950d210f",
|
|
|
|
"indicator--571f4d90-7758-46c8-ab6e-4f2f950d210f",
|
|
|
|
"indicator--571f4d90-d24c-4f3d-8777-43f8950d210f",
|
|
|
|
"indicator--571f4d91-c7fc-4013-8424-4e2a950d210f",
|
|
|
|
"indicator--571f4d91-cbc0-475a-81e7-401e950d210f",
|
|
|
|
"indicator--571f4d92-e474-4d1d-8599-4809950d210f",
|
|
|
|
"indicator--571f4d92-ccd0-4ee6-9f60-45f3950d210f",
|
|
|
|
"indicator--571f4d92-206c-4fbc-a3d7-492d950d210f",
|
|
|
|
"indicator--571f4d93-6a6c-44e7-b208-4cf3950d210f",
|
|
|
|
"indicator--571f4d93-8fac-4ca0-b3ca-4f5d950d210f",
|
|
|
|
"indicator--571f4d94-1408-4ac9-ac1b-48d3950d210f",
|
|
|
|
"indicator--571f4d94-31b8-4de4-b52d-4962950d210f",
|
|
|
|
"indicator--571f4d94-0f90-45b0-9e9c-4061950d210f",
|
|
|
|
"indicator--571f4d95-e7a0-4c3a-be5d-486f950d210f",
|
|
|
|
"indicator--571f4d95-0354-44bd-a0f8-4d4f950d210f",
|
|
|
|
"indicator--571f4d96-6544-4f94-b1a8-444e950d210f",
|
|
|
|
"indicator--571f4d96-3a78-4bdf-8504-45cd950d210f",
|
|
|
|
"indicator--571f4d96-2848-4d56-8306-446b950d210f",
|
|
|
|
"indicator--571f4d96-c2ec-44bb-95b3-4383950d210f",
|
|
|
|
"indicator--571f4d97-db88-4a61-8e52-42d2950d210f",
|
|
|
|
"indicator--571f4d97-c92c-4d4f-acf6-4ab7950d210f",
|
|
|
|
"indicator--571f4d98-9188-47d6-b657-4108950d210f",
|
|
|
|
"indicator--571f4d98-36a8-4c35-8c05-4849950d210f",
|
|
|
|
"indicator--571f4d98-9534-45f0-9385-4dc1950d210f",
|
|
|
|
"indicator--571f4d99-a150-4390-b184-4c98950d210f",
|
|
|
|
"indicator--571f4d99-1ffc-4b46-a492-4f79950d210f",
|
|
|
|
"indicator--571f4d9a-8850-4a3b-bca1-48eb950d210f",
|
|
|
|
"indicator--571f4d9a-1444-404d-9a7b-4c68950d210f",
|
|
|
|
"indicator--571f4d9a-7fd4-4a30-b5ad-4e71950d210f",
|
|
|
|
"indicator--571f4d9b-601c-40f6-bfad-4e97950d210f",
|
|
|
|
"indicator--571f4d9b-738c-45a5-8943-4006950d210f",
|
|
|
|
"indicator--571f4d9b-c308-4428-b8d9-40ff950d210f",
|
|
|
|
"indicator--571f4d9c-2920-49a9-9984-4f46950d210f",
|
|
|
|
"indicator--571f4d9c-a510-466d-bd58-4fa2950d210f",
|
|
|
|
"indicator--571f4d9d-1200-434e-b642-464e950d210f",
|
|
|
|
"indicator--571f4d9d-2210-418f-8eea-473c950d210f",
|
|
|
|
"indicator--571f4d9d-d6e4-48e3-aeab-476b950d210f",
|
|
|
|
"indicator--571f4d9e-c224-4c32-a9eb-4584950d210f",
|
|
|
|
"indicator--571f4d9e-1158-4cd5-ac3f-46cb950d210f",
|
|
|
|
"indicator--571f4d9e-d7c0-41f3-be1b-4f08950d210f",
|
|
|
|
"indicator--571f4d9f-264c-4e3c-8d4d-42e4950d210f",
|
|
|
|
"indicator--571f4d9f-fe2c-4e22-9196-426f950d210f",
|
|
|
|
"indicator--571f4d9f-86ec-4636-ab7d-4e0b950d210f",
|
|
|
|
"indicator--571f4da0-a534-425c-a00e-41fa950d210f",
|
|
|
|
"indicator--571f4da0-1f44-4326-8608-4a95950d210f",
|
|
|
|
"indicator--571f4da1-f640-4514-8a62-487e950d210f",
|
|
|
|
"indicator--571f4da1-c83c-48bc-8987-4d34950d210f",
|
|
|
|
"indicator--571f4da1-74c8-4041-9d07-4974950d210f",
|
|
|
|
"indicator--571f4da2-ab84-40e4-b6b2-478c950d210f",
|
|
|
|
"indicator--571f4da2-dab0-4adc-88dc-40e3950d210f",
|
|
|
|
"indicator--571f4da2-dfa8-469c-8cb6-4b76950d210f",
|
|
|
|
"indicator--571f4da3-4414-4b4c-aa12-4a48950d210f",
|
|
|
|
"indicator--571f4da3-2688-4129-80f0-4bd1950d210f",
|
|
|
|
"indicator--571f4da3-eb58-492f-aed3-43bd950d210f",
|
|
|
|
"indicator--571f4da4-96c0-4c64-a280-4c96950d210f",
|
|
|
|
"indicator--571f4da4-2868-4a6c-8226-4dbd950d210f",
|
|
|
|
"indicator--571f4da5-413c-4a0d-8134-4429950d210f",
|
|
|
|
"indicator--571f4da5-35f0-4a06-84db-4c2c950d210f",
|
|
|
|
"indicator--571f4da5-f4c4-4f42-8659-463a950d210f",
|
|
|
|
"indicator--571f4da6-e800-4a02-86f4-457e950d210f",
|
|
|
|
"indicator--571f4da6-35c8-4e2c-9436-47e5950d210f",
|
|
|
|
"indicator--571f4da7-f858-4296-9e64-4e13950d210f",
|
|
|
|
"indicator--571f4da7-c580-4f18-af54-40ad950d210f",
|
|
|
|
"indicator--571f4da7-a650-4c26-b4f9-4599950d210f",
|
|
|
|
"indicator--571f4da8-9a2c-420c-bbc2-4020950d210f",
|
|
|
|
"indicator--571f4da8-f0a4-4ec8-8342-4770950d210f",
|
|
|
|
"indicator--571f4da9-5e38-4461-bb6d-409e950d210f",
|
|
|
|
"indicator--571f4da9-9f6c-43b6-827f-4a52950d210f",
|
|
|
|
"indicator--571f4da9-1624-4112-ac1c-4ce8950d210f",
|
|
|
|
"indicator--571f4daa-3db8-477b-a48f-4828950d210f",
|
|
|
|
"indicator--571f4daa-a1d4-4ee4-b5df-4272950d210f",
|
|
|
|
"indicator--571f4daa-ca30-4c13-aa83-4a52950d210f",
|
|
|
|
"indicator--571f4dab-5fe0-4ca2-ad5d-40cf950d210f",
|
|
|
|
"indicator--571f4dab-66a8-4c46-936b-4669950d210f",
|
|
|
|
"indicator--571f4dac-5118-4a37-99b9-488f950d210f",
|
|
|
|
"indicator--571f4dac-1324-4497-a47b-4073950d210f",
|
|
|
|
"indicator--571f4dac-aff4-4829-bf0c-4f25950d210f",
|
|
|
|
"indicator--571f4dad-7288-4c71-8fbd-4b4b950d210f",
|
|
|
|
"indicator--571f4dad-14d0-4174-8cd8-4214950d210f",
|
|
|
|
"indicator--571f4ee7-37d0-4182-b038-4fb1950d210f",
|
|
|
|
"indicator--571f4ee7-ed7c-487c-b13c-4b4f950d210f",
|
|
|
|
"indicator--571f4ee7-d938-4746-bbc2-4cdf950d210f",
|
|
|
|
"indicator--571f4ee8-911c-4e35-86bc-4e59950d210f",
|
|
|
|
"indicator--571f4ee8-5734-4e4e-b8c4-40b2950d210f",
|
|
|
|
"indicator--571f4ee8-b304-4e3e-acb9-4397950d210f",
|
|
|
|
"indicator--571f4ee9-b950-4ec9-a11a-4b6e950d210f",
|
|
|
|
"indicator--571f4ee9-b804-46b5-a026-4e5b950d210f",
|
|
|
|
"indicator--571f4eea-be98-4386-97b3-4589950d210f",
|
|
|
|
"indicator--571f4eea-f844-428f-bffa-45ec950d210f",
|
|
|
|
"indicator--571f4eeb-49f4-4e9e-82f5-4d76950d210f",
|
|
|
|
"indicator--571f4eeb-3eec-49c2-b7b0-4682950d210f",
|
|
|
|
"indicator--571f4eeb-d44c-4140-a9b2-4289950d210f",
|
|
|
|
"indicator--571f4eec-ac90-4910-a89c-41ac950d210f",
|
|
|
|
"indicator--571f4eec-6ff4-4d42-84ba-4bd1950d210f",
|
|
|
|
"indicator--571f4eed-e040-477f-bf47-43e3950d210f",
|
|
|
|
"indicator--571f4eed-aba4-40f5-9cf3-4927950d210f",
|
|
|
|
"indicator--571f4eed-41c0-4047-abd8-4e88950d210f",
|
|
|
|
"indicator--571f4eee-8060-409d-99f1-405e950d210f",
|
|
|
|
"indicator--571f4eee-8118-4438-a072-48a7950d210f",
|
|
|
|
"indicator--571f4eef-09c0-4a58-9ec1-4ca3950d210f",
|
|
|
|
"indicator--571f4eef-ebd4-433b-a04e-4e76950d210f",
|
|
|
|
"indicator--571f4ef0-ff4c-4d70-809c-4d5f950d210f",
|
|
|
|
"observed-data--571f4fc5-01ec-475a-a9c9-413902de0b81",
|
|
|
|
"url--571f4fc5-01ec-475a-a9c9-413902de0b81",
|
|
|
|
"observed-data--571f4fc6-e478-4cb3-87ed-448402de0b81",
|
|
|
|
"url--571f4fc6-e478-4cb3-87ed-448402de0b81",
|
|
|
|
"observed-data--571f4fc6-f5dc-4384-99ac-44fe02de0b81",
|
|
|
|
"url--571f4fc6-f5dc-4384-99ac-44fe02de0b81",
|
|
|
|
"observed-data--571f4fc7-00fc-4fd7-8818-451902de0b81",
|
|
|
|
"url--571f4fc7-00fc-4fd7-8818-451902de0b81",
|
|
|
|
"observed-data--571f4fc7-b3ac-44a7-9f17-451d02de0b81",
|
|
|
|
"url--571f4fc7-b3ac-44a7-9f17-451d02de0b81",
|
|
|
|
"observed-data--571f4fc7-b2b4-41fa-8042-484502de0b81",
|
|
|
|
"url--571f4fc7-b2b4-41fa-8042-484502de0b81",
|
|
|
|
"observed-data--571f4fc8-8c34-4c60-bcc1-464302de0b81",
|
|
|
|
"url--571f4fc8-8c34-4c60-bcc1-464302de0b81",
|
|
|
|
"observed-data--571f4fc8-91b4-4e9e-91d5-4b4002de0b81",
|
|
|
|
"url--571f4fc8-91b4-4e9e-91d5-4b4002de0b81",
|
|
|
|
"observed-data--571f4fc9-7ea8-46bf-8da6-46eb02de0b81",
|
|
|
|
"url--571f4fc9-7ea8-46bf-8da6-46eb02de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"circl:incident-classification=\"malware\""
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f48c9-82c8-4e59-ad03-4fb4950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T10:54:01.000Z",
|
|
|
|
"modified": "2016-04-26T10:54:01.000Z",
|
|
|
|
"description": "unique .js sample",
|
|
|
|
"pattern": "[file:content_ref.payload_bin = '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
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T10:54:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"malware-sample\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f48ca-b0f0-4da2-8360-49b8950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T10:54:02.000Z",
|
|
|
|
"modified": "2016-04-26T10:54:02.000Z",
|
|
|
|
"description": "unique .js sample",
|
|
|
|
"pattern": "[file:name = 'FAC101682016.js' AND file:hashes.SHA1 = '1845c8304f96de7777bc049e4f4a422478bded50']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T10:54:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename|sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f48cb-32d8-45ae-8a13-486f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T10:54:03.000Z",
|
|
|
|
"modified": "2016-04-26T10:54:03.000Z",
|
|
|
|
"description": "unique .js sample",
|
|
|
|
"pattern": "[file:name = 'FAC101682016.js' AND file:hashes.SHA256 = 'f8c89cbb5cbcc51e2efa879cd6e48c51c01b4c127b02101565eef379f641011e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T10:54:03Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename|sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f48cc-6180-4613-a9a5-4e64950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T10:54:04.000Z",
|
|
|
|
"modified": "2016-04-26T10:54:04.000Z",
|
|
|
|
"description": "unique .js sample",
|
|
|
|
"pattern": "[file:content_ref.payload_bin = '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
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T10:54:04Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"malware-sample\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f48cc-7828-438d-b543-4f99950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T10:54:04.000Z",
|
|
|
|
"modified": "2016-04-26T10:54:04.000Z",
|
|
|
|
"description": "unique .js sample",
|
|
|
|
"pattern": "[file:name = 'FAC1016102016.js' AND file:hashes.SHA1 = '789ea968a264a7a939d5bd17a902cf835b8f0b80']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T10:54:04Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename|sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f48cd-7e94-4a6c-8aab-4833950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T10:54:05.000Z",
|
|
|
|
"modified": "2016-04-26T10:54:05.000Z",
|
|
|
|
"description": "unique .js sample",
|
|
|
|
"pattern": "[file:name = 'FAC1016102016.js' AND file:hashes.SHA256 = 'd9ca8639623a362440381b728db0362e1db5a63aed0aa23a3251923f81d42ef8']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T10:54:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename|sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f48ce-dbc8-46e4-bf2a-474a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T10:54:06.000Z",
|
|
|
|
"modified": "2016-04-26T10:54:06.000Z",
|
|
|
|
"description": "unique .js sample",
|
|
|
|
"pattern": "[file:content_ref.payload_bin = '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
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T10:54:06Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"malware-sample\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f48cf-d93c-4bce-be81-4db9950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T10:54:07.000Z",
|
|
|
|
"modified": "2016-04-26T10:54:07.000Z",
|
|
|
|
"description": "unique .js sample",
|
|
|
|
"pattern": "[file:name = 'FAC1016122016.js' AND file:hashes.SHA1 = '9b2963515f4a4cb67f7deb058fde03f5ce6024cc']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T10:54:07Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename|sha1\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f48d0-86f8-4da7-b5a4-43d0950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T10:54:08.000Z",
|
|
|
|
"modified": "2016-04-26T10:54:08.000Z",
|
|
|
|
"description": "unique .js sample",
|
|
|
|
"pattern": "[file:name = 'FAC1016122016.js' AND file:hashes.SHA256 = 'ce189e88c7225d58834e4bc280275cd50c34bccff38e013a4de26e68335b124f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T10:54:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Payload delivery"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"filename|sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f48d0-ede0-45a0-8ebc-43a4950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T10:54:08.000Z",
|
|
|
|
"modified": "2016-04-26T10:54:08.000Z",
|
|
|
|
"description": "unique .js sample",
|
|
|
|
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAMRWmkgpAM9lGiIAAJ4/AAAgABwAZjk0ZWZiNzgwNWFjMTVlYTI4ZGI2ZGVhZmUwZTZlNzhVVAkAA9BIH1fQSB9XdXgLAAEEIQAAAAQhAAAABlvF9AUe+6XOS0i+YVzAfHPI3vQCZMYUeiiBkuLHOHw8sQl9dLasUgXi52e9Hr7wUdYRRlsc4NPCA7MTZrHUyvFRrofQKiuBwRBRVsj5Y9Ymq6sU0UStnDzluDGjYtp/2py6Dg0IYnZQTBypCm40x6H+kZLRqgXZCedIz0Ynf1c1ANd8LoCMFWZFSywDVXXclCh5P+pCW8xAnpiPlhO4N1eiTG/LhAikHggO6mRkCBBKiiiWAVsH9Jknnyh8bSiNh3+H2/XDGvUy0ydG2D+1OyZab/MIKWlcQbo3UeWLoQsKo9rwAkr42gl0uW8q9ANjvbgrZTaPWGSQkQucRWel3zneJz+PoX6GprHg7t4eSZFLlSsNPFnfm64mnT3dgv0QTlYAK6xO1tRIKAvaecLfy1zFBb8Mshpz08HOjNF5Z00JmUSHRheWl5e/OGUSDhPzmuSUN5x24E0LN7LXG+SZoIysj5lrvqYf9mdkI8i7vz+xjOS+moOvZOX8FCXVoPBguQrhn376lsr2BR2966e2wWBx5lzw0Ey186Bzpi1zqZLr7/3YG+BFsJnlBcb5zJStQhy6WBoCXU0kWAI1qpVpjwCj70x4TdlX0DcTO8alGzjawgJlk4t/J+aU3SeEypeygU3zI5TjGHiHkpCpp6MqrAEmCSmAYtKZHCKizqIDgfO5D7pKHuKwaVKeARp9lMLewlzQw/jaqBURbbLt/DKQyLuRhBksxYRZYvRb5pEQVr6jY6P4N2guz3A4G9iYPxziyzSDa18/R4Yt30IhujhjN94CgRM5KwwhNfjukR3QgIYl8ZgKubWdDeMV1H8W2fQQw+/Ndfof9poezvWVvcIYGZQ/xJRvwsRGLi1WXDU3RvnSpB/TkJf4AzygLfXXsGBz96n41jNZ/Wf6J71dOkjiCBtk1H7w0E6AAsMNiq7tzIi5+ZmAGA91ZLcgTSltTFYRr9nMM5FY1pMNfCn4q7HIFm/e23m7Bz8e7iarz/USpwjyNnTm666jgxMlC/Wt9FF8nB53XVSXExuzQOlCvwe1m9tq5QqvXTerd1Geh1bAJAJyQ3DUa+M/lKvYni6W+JfHP3ZX1sQuX7nWeX0R7/FWu4hSBFZ5C+nQGlO8+J05Df9bkzM/h1N5fPCMVkiWM9V71nR34twtoM67g6sN9Dh+s8PCbPGZy+4tmK/d9UtVIQbjNn6zADy5b8tKZ+ILDq0WUwtKRwPma1gLgrJLzja0MCtXdhFi16wvA+3BiCTnEbLD9yKp/B0qYDW7xYBf2GR0JeH9ZWPuVv7WXbZ0JSZ7/p47jWgBfAfvkj7UDuXeghnfo9Qd8TmO9wZqrTJ51PLFmD1X+Urd0Jae6D4IpDtDb+a2GQZajiOxhE51yNIGy0wqKBzB2S7oA58VaUM52Ce4NyDu2ivlFIkNcTGn9VaTJlheYXsd9kD9KHSPQb8zuYLWcK3JYuuTnlvI+Zxh5wNJy8NBVh7+6FSFb2iQvjDkIgeZgSucwDmmn/vYD5WTm31TzN0ZTGkqtKkCdDas5tbWQlSV8tkV98l/zmgbQKyyS/9MQZ2mMLDVuEXrftmooT6qpf8iIscDZj+HDcpPT8ye618S9MtsuGOmE7p/qV5AxBktk2p8tlkAPZtdfuocPwV64DTBaHp14ZpSj7mfyaaO1eYSqR5acq3uG9PLP9bZ9v2WGrHGVVBWvg1PswbvcshhZp8dXtiK5CJ7TFgAxq5/o9WEWZkQ389+ss0C0e0OCE+A8bs5TTsT+ZfyPw1gP2oHdrSnwXF2a3K7dkoBriOzWonq8Zi2mPkC0/IraqgYFLBFiqij32AeUSG7W+04vp4
u9KZ0FNEr1Kj+9BKwPn3GrF99pKe2BTBqN3Sr8FlxhG7j8VqinI36muvn43kxL9LPw0fn3ykSSPI1nL98uYMrEjRDKYv8ELLijP88nZmlA2kz1r9EAljoF045fkL38ndTXFHZQylfNEMHGTgCePdd5WtJlDZzz/dm16eYXEOB8ua15geylw1Nf7IO+GpD087teopYTz9R1eCxLEe9mGZRtYPwy57YxxTzhH5XNKUtIl826KWSs+unox+M8gs48+/aXK4IATg/cXzJQbm1uNiegywVhCxtMDh3QNiF7AcRptMNTOpDCoZt7cONN+SeFdbAQ0fIbR7wFpFgahs4WHvFh4xGS7ap2bJ5WveysFQlmi5sYLi5ZhyT/oD9pqd5lhC0NHo4D/EHXJ+VCn+xJWkR57sOoJOKhH1fUEuMQ/y6YJFJlXryQozI98szbWuSSGwtFIIodreMmAh7x8aa4EHXs+Xlk6ZVFhO54rVSWnV6SDqDYWdAda0voFr7E/KoaLs48CRYcxAH3KvPjpGq4dmOXC9h8M5GHH4Y33IMJIaqMsb7W8Kw2OOg15F23gAyYsqaX3cZ/rzeXRpJRMdYFCx3mN2QiwgX0A5+BIKeCdFraBajeIWlq4+YeulDg9I0DQKDqVk++92oULMN3hDBrfnF4Gxwu/qS0n/hL0YqKxDUgijmnh3Bkxr+xm3yGgnfSyF2flGibJoEVVnG0vsVdgF539JYD5HN6X/atIZJDpE/aZedMlZtnQIBZGEk8HpZO8m3GsZ2X8P7rrCYy8ySQxmLLYk2/D+33Gd6Skrgwme2czzQIpHcfeVF+Yhf8rWIgOXuu4yKmIdOalAfA8Ze7zoXMg/kzJIJiXUzmuN89+/OwULORXS5aVzkzUpvQKZ7n9+3LFxkqH9NpMp2LTEf0kDr6tq1lug9jcKnP+cLmTk9SK4d4vaHGZj2MiOSYmfkNLeT0WuIJ+943YF66uuqtwEoM+9vcRvhvdGLxayuh9IqMlLbNT6iKB7CRyHr4kyTd04LBffPTBzei14sSGZIdtfgXTkAYgePi+gzpXRxE6kneTdoUW6r/Vohkv4Og/95TgyJY95r5FST294I9RQ+mJsmniTXY0UpTrk1g6QDbsjcNgrzRBS1Pj0BcI2p/uE8yVxRlPj3NNfzXkbr2AncmpCnhYhYMrJ86HiDco2qMLIj4DxW4aOLwX5TZZjvUHVABcwccrrLN4t9yAAfk0uUFLQSNTtNO+Ji48Dz9YePWrcw2NTVb/1EvPmytac/Yi8KaKZWOJG5gCzyheIAIHfyrPxFKUIcBH5+ZbHMnlOMpVRcjzsvOvN9HXYNL4PV3aOifsg7IAx9Je0KnVQ0IZlDS4PwWOpTVXw+iqDqbSeM0RX8dH6cHL5GM2sVH7nMxuyYzO2PVTs3wG1mXbdz+GqGSMao8tXysn1qSaJ+WsRRfIfF8/hqZvPzXvq8bz3Pn+5S/AHgIz6sco+bYGU2PADwF8RK3tLf7Q9i3mWQtGkveIQL6QGzyse+MHZ/Sc5hktbF6rfqHjZvkjjj+PiXOoZNxJgSA6bgxPyoJMvW8XiLMRj0coTQOWkbv/OzVQdMr3cfe88I0FyU08PEq5Pw8U+lNlqUTiZlpVTrTUODxnt+yMC+9LO3DNzsPjN8KKQ2V6J1bOG2Fpo5Y763q3nU7UZ6jyMt974iCsrf81f8DUUwuZ9sN5EGU7G5z9JQGZSwI3yMCi3mkLtjGTkI6oBjfNW9yaWymTonSz0q32x6Dt81rV7V2o/vlsSQbOkB5F3yq3T3rKKhvQ/Y9LZqjJENpY5nLDUS8bJbtbIaczr2OvXxOwnyt4QZudyRKVU7IsCoWlFnAe/cM5rvW44sV0q1XpBH85ULhcHBDHxRDBEWKJmIJo9sShk67F0Tb6cNhcOkF0WBijtMAoHn2B0t0D5RJHu97MBx0j8nw+jzMI2wOcdbn8ETWzj5Q/ZFCHQ4WKUs0IPvIiLgCl3LtrITKtGfCm2
rn+wCxKnZRQTqGQcRBawKU0BboG4U+knvYLk3ujUG32g2spCIW6y+pW7S+RwFkBJ8UF1FyDCyAxczt7JWlf
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T10:54:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f48d1-3978-495c-acea-4a78950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T10:54:09.000Z",
"modified": "2016-04-26T10:54:09.000Z",
"description": "unique .js sample",
"pattern": "[file:name = 'FAC1016132016.js' AND file:hashes.SHA1 = 'd85f34f9fd6f69359b6be1e1a175b91737fff53e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T10:54:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f48d2-7f74-4894-89bd-4489950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T10:54:10.000Z",
"modified": "2016-04-26T10:54:10.000Z",
"description": "unique .js sample",
"pattern": "[file:name = 'FAC1016132016.js' AND file:hashes.SHA256 = 'e89b229de6f4ac9891b2f507c7cfc57e48ae46a431ce02162dcd0e6b4d748e5b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T10:54:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f48d3-31ac-447b-aae1-4be6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T10:54:11.000Z",
"modified": "2016-04-26T10:54:11.000Z",
"description": "unique .js sample",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAMZWmkiB0vHffBkAALUvAAAgABwAZGU4YzUwZWFhZTQ4YWM0YTAwNmVhYjEzNGVkNjE3ZTJVVAkAA9NIH1fTSB9XdXgLAAEEIQAAAAQhAAAAEd/fOxiN33Tqjbd5emHcD7mlvkmW0B327xJ//ijHeSmfEWzezHelcvOTqMcrB478KN3Q4YWki/lxDTRrN7ZSjaTw3okLLK/Um642vUbGWNbUm8m0aMW7HFua+ZA7VmDgGRPCyQSG3REPmtKI7Js7RNDkZy7wAlzGnCE6/DFsvEEwc81HaiAWyDJu/hTI3Wr09aCtjsiV4eVPRdUECMtLrNsYjCWaqD5VYAwadA979nX9YfmTfugDuFiCmCQUZHem/AK0qhzDvhWU1OwX73EE8tUQ6d87hHAk0TlpbwW76pfJolQNTkYqXvoqW14MECnGBq+ZLxg5lo9qS81eZk+aaI8e1Hc6O70NlQ8lEQmXjUqb8NFQg+o5y0haeD9O7kUv267+SIxPcViOuaXiKZIQVbP7m38H5pEjbySZb2Yei7Gq9K0uqvUvswA5u7Fg+HxoH+1X3O2BBr0i6UJuSsOFT0FKqZk/+L+TgUELtfcjLH+3GJIShyD1DzHO6l58L5vJRrwNYt8aYInYn8YR66g5GgLX0Jg6qgJy+iJ8eyGJtS7+CC5YM98IhsnU3DmawbBMDKlNFkazr6cB8rE7rzfyz3Ld3o5rzORv9L+pY+jSskO/bzelg5JF5VGtrNj6tyeCdQppv71hDEQLAUNUJhRT/t/Bmjug8MyyjFbNE3TeMjk5dU43FX56bSS5N1sIkl+eGWBltT78EbIWEms27nIt3FkuNPOXnNQ9XvUHlgQjsShIF89CL61lgg+dmhh8+5EdcA8MtkMmgeoUgPk6OofpqvpiVRt9ZDWiLt2RfZLYBZjqRrjF7ule+zhuTaHA1MxpY0B/hIzJnstnnHOC18Lz3TUEcmbvVUBvJ1qb7cBIOMK272WC0jlw0K+ZCt8nVb0TE1dhbCBDn7jetGjmi/TvB3n1aeqEPGgRH1Lv2vot9PD7zz4xrkaMAMIo0n46gSPtpQRuuMXuuqlraJb9kNvHoCLioldCXj1rhCVjVULgaipxKjm0RpWY90L5bVUHVq1xz1zgJV4VBQKEGJt4t08x5VdwAytZtPgr4FsOhdnZfEIvwIFoMlgDK40pecjyAn9DJGYIGAVyOowO+Pc1mX7Bw4S1+XpO7AY/9ieJeJ84sfqCaZzz7aePcVT8BfaMy2igCzvkp/l0TRCrHHv6cJMrK9CRln+Qs0we98K1r803JBtLcfJiNVXmgSPvHdWrA6nvIeEuAWxo/tgtmdUPRhzJw5W+t/w29CvsKP6BdOAKjUwtgkDXs2lOh12NxXpMgmSda/7x3Q867iAzY8FNCJ+SEaHe0O35I0Pdt6CqkbskzgSX5m8xil+Uj5M5GdceYnMH0P57E1xQBq35DGUhoSOptqNeVLn8SmvoI0cu/XRGupKegzwgVAhx2VslJ8i6TCl0d5cmzUrf4v5K1HW5bhqxl7TPBKKKS6Eh6pbD71AH6gzSMvrdydYA0ImuJedUP0uMOLytZvdlpkruqYzvaFbL8lGCtLbyJ+K+3iSawZEMskCwcI7tq8AQFEr76r8D7IXVvwv1rSby/ZxWM3SGs0SYrUZ/4owehcNNkK3KTMJQYRNBUYvB0URPArPb6ublJJfcHHEqUsSinc7voL9YNpdZFWsa8XxmiQ8rqkfzdmz1xe7TOAlFZPVKk3hNWpXYxLUZzlG7w7qwvhmtO0BytMCx6yCI1rpQX3Qv+oxdaJ5XAFYO1Vhnh4YvVxkxk9o3/6kmTNP7gOzpuPp24kOecY0umkBxLyZ/v+mBMkRv79jhhvu5obeb/w6jBjQFBdMd0HfgPFY8mHlNe/erLdWdpD5t04oO2wi6U+DBe7S+iTNIy8Y
UCnPL95y7aojmwCrLid41NdRiiGNfnfJv4A1I9ePfmA3arvIYXRHhd3hqBEWPztaOfVrv8m0lJWhZ9A+8zOFRaOiMpudIbeX/2aKGIxzzh55bf0qGeC9+txZfKEvmE9TjTk/F5aZdBqHixk2HEKRN/3J870sVgmYhksLFFGKVfJqUdfwcZrU2tnaZGLbw/f49EwZqyfHMouHeJlvbd0McZH2JJBpd46137J0l3eS41Dulg/dUmO3xPULf68tif7jhWVGFXGcEPds3kMA8DOKM5M6cunFkbhNv2+/XTE8PIXthp1JYJGzMAI2iEzp5U3s7ukiLwHd4fQVML4Li1Pwy5VytT6MKFCPIcT8Bib6ohcWyL93myz92w/5WlxhlRb+KQ3uLuBCm7cBDcP8wtOYy1K2/6VJuRRTzU73B6un79bfI1q/DBIHwjgzZV1RvaC2E04LjOBYJuRPLNl86mwlbApGmaGuDWluoMExSPlHvzaQUhP+fviBik/46jYGLHjiyEPTyyyhaBmz4bEDQCrYxfjir8zcz16pmMnRRIUoX2NKKoubmL46XjPrfCRvOR+93eN0JVyTBpSgOhEqyPHbVxuyJjPO+DIXraKtYJLCpFrfjaGviFqnZz7ODgIjFSNL3xWvf9B5GOeZIRxO0rKEeunnAEgaI4MhfMAVGxOsQ5KTTPB7rm6pgz6V5zMfC7orlgG6eCgt9nLGoyJOK0ZrI4zvzelkAo75Y3eOVeZdvs61tSj+G78+SIQn4eEtr6UvDhpk5QYIYo4WvexGzum4jD4Sre7JIZ2sbv2263xPJSdF3Z45575/NV0J3OFgXhe1DVY73hkQ6INbTe7MpxFRjNIdXQvaAU8jn+J/x0hhhyfl59+3vaUrvGHwYXvc68ntBL/p8bJd+ajCIeqvcgKpOSUYNYP0phJJC01eGf3SQ1iVyq5i+9c5pC1birTKfmnIF4V/RkU0ylLn9cPCr77Qa25ox1PaRfMV/Xsc8gGHU2EOVIhdR34sCLe+bueGFhAXYjfo3chY54sl22JGn2t6ONfGOXlx2qzAUR+uSbpFxBEB9hFH7lfntSyTR2/4X6pZhBFnvcwswGXLvXAHVSUc2XyvRvh58PcVc+M7JhZhPHNW7hHuct+a8ZMDHqB4gLumspiC+Hl159cIgNgRz15EjqPDJAhAEtSB97XLtQuLNViUkHGn/OaILh8zXI0byPfzI6gDItR25fMVF4xbSxsvGny8IFDVTznHIXp96me7xRgU1V4/tqdr9Eq7UasfFB6LsMW/yG/kzJMYUby5fwh7zekmDAHckfaKvsRpZKY+3Ra1FxzQl9gJ6r7Fry4AjEbiPSXaRaN9bPu7yAtFKAR/oiH/3DntcNHDcntaH7T8jRK5cXuA7gLwJBoKscVIPS+rfsMIvHByAJs07W21mOCi0siU4C+Afi+jJ+pCcr6edNb2RWJcbCc2rIg/Lx91md2jZJQL7qTiIEGtjZhr16rPY+KlMLaIANVZQkCgebHuB6xTcfouONv39yIsjfgtO81kRP6PgpuYBdQH4DYIkEguYHRQdVSs5Nzngll0lXYHeQiF9XQ1e/5wRdm5WPh6I7PTbC7yszhmYGIFTkXX+W/2o+uG7QKMMZ6xLiAV4cXYmrtRl986dEgLeQYlVRs3KJ4maxD7dey762ohj4o7Du05Rba5BjB/au9CIg01LAC+B8qzcHIK5TH28HBzUlhWDhQpD2aKs1cAoZ5OICW+MQU+cCRRbNhzfF+71LkLHi0JA0XxLHYcumh7T9s66/e1ZdDDk9g6QBv1m9T/Gojow3bxb2DwYi2JfW90almNbo6rsFwE4BkLFz/8qe3wYqGUTaXmLr/i5aN0ZCqznrcv4Tf7P6z3IVvQkydmcv8lhxGB6vzKBXfCVR+wcQAzqYfQYmsjY3O4sQbFnNr4ULRDGypTORfpaJS435ZcE7d8iRdvUR8vcY7B3zqAWge/mRyaJ0PUCIIWvAtAfPp9wNWj
NaYEwQsbf32Wx+To4uvrzx+wLjRs4Oqc1MXC8dwaDXpOwe4hrCzjYkYNfmZedEuz6jbflbG+Rr4DZTjWrwz
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T10:54:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f48d3-2d10-4973-8c8d-4d6d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T10:54:11.000Z",
"modified": "2016-04-26T10:54:11.000Z",
"description": "unique .js sample",
"pattern": "[file:name = 'FAC1016152016.js' AND file:hashes.SHA1 = '4c5ac94611ebf1835f8a709da5301afbc3fbd802']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T10:54:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f48d4-5060-4117-a21b-4a61950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T10:54:12.000Z",
"modified": "2016-04-26T10:54:12.000Z",
"description": "unique .js sample",
"pattern": "[file:name = 'FAC1016152016.js' AND file:hashes.SHA256 = '0d9fa3864fbf8a225b33f249dd4795d75cce2532f0b03ff5faf59d9ebc0cee79']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T10:54:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f48d5-8b70-4ffd-8738-475a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T10:54:13.000Z",
"modified": "2016-04-26T10:54:13.000Z",
"description": "unique .js sample",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T10:54:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f48d6-d730-47bf-9ce3-4b5f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T10:54:14.000Z",
"modified": "2016-04-26T10:54:14.000Z",
"description": "unique .js sample",
"pattern": "[file:name = 'FAC1016162016.js' AND file:hashes.SHA1 = 'a08edb93f6e56ac680d60fb062c6e4452d04ba19']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T10:54:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f48d7-caf4-4bb0-97ab-4fed950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T10:54:15.000Z",
"modified": "2016-04-26T10:54:15.000Z",
"description": "unique .js sample",
"pattern": "[file:name = 'FAC1016162016.js' AND file:hashes.SHA256 = '80f1e56014e6a011bdd046311aa963e38bbbab83b8e8d6e4eae35053c58f3f88']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T10:54:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f48d7-f0f4-4eb9-9cf5-4d0f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T10:54:15.000Z",
"modified": "2016-04-26T10:54:15.000Z",
"description": "unique .js sample",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAMhWmkh+hmqT7BoAANgyAAAgABwAZTBhN2RhZjNhMzE1MWI3YWYwZTc3ODNmZDZhNjZmNzBVVAkAA9dIH1fXSB9XdXgLAAEEIQAAAAQhAAAAesZ9BHZfNLEmtXgPn80rcHo4/va/NISqwf5oLKqAVO2YY3LlVypwCHM2RoDRCEITXJUE6Mrz3CRqD2OJaLJB0lS/1LgylHXbN1e7zGc9RibvCXPT4JBNjk2Ivo5FZ049EALzimYPTvxLBqwcdCaQ8Jpv2XhIsaDVDGKLyxT8bws486hsCRUaQaEEVUKoYonZzFpA8u4WfWqUmR3qo/uzhn2Ih+u9o9BJ2TW9Yp9+fQioAV6XyBC98S7Xo5fqiCL3YGyy5azYMUywoS3pQa48No+sJ1G96trtdjDuQAfYFmgdFVSewnxoEjcnZitktRz9f6e0/czqPO5+I87JsgLdngnGMtjsBkPCqpzezVoB8AqiXdaAxyoaasvrX4c7wxBMkSOs4oa9Vu2QuDEPictCN1YqlizRDbLGZcN8qePiTX3K3xJm0R/mO9vcJpqKY2BJkgB/J+p+8wGGlhNVNM+zbWZkn+4cAgDDXEB0OCFDgLqxwwDk480N5favMDefla5zUoV0lC+liHqx8dBle0nXY+kM1EaOYCMyIud+8GcN2+Q/lQw6iXeioP5rlQf1AIXJ3f1jLciBRmSMQHkiMVIvm6K8Q/PNAC4z/m8y18UlvKwcHCtdOBvZX+L/yhrIRml88cXTsSdGirSZKLmJAWHHTWTj2NHAR2epNWmdXzjZWhcvi4d5SiS3gUO//6RKB/zzGbuMKZzZ76U+pkdYg0Ctxkc1/RekRvSvtawFbQ95Vf6Dcx9VrVUw5kWbJij7bZeLa/SZhvg3ty/f7Tp8l1Mzt3syjhMNONM5XZB7uy7A3VapdB97S6eHZSD/7klYxdmRnUxFqX/oge5dF1ox00y2rfHb7Lj2/kRNZYFQyOfkYXpo5iJUggN6+ljxk9yxIM+uevYaAqL/B33r5s6VrTm1UJBz7X9gs3XybJQtB6uwQ2ubxAxSRAeZfDXwkH+OaXBCBH3JiWKErGEcPAaVab1D9rwftDbiUmx2gKKWD5UAvWktYE6mvjy8enJFGrynqqqgnWHlBAuhONnA6+UqNP/OVXSiW7buaPuhFkuZbW9eWw9MP1T50FFeGKfa9pE4pPX8aK2G4Q4+Bn+nBw/a9o1x4wMx02YY++AiLJuy+J3pWjRfinL4GSpeGJ/RkHnqsfPwUGkfs1PTj8GUHcQG6886OpLjUYk8u/f+Y8HzPABesYU/iiw3hJMK9JEfi56IY/sf+x7NBOLEXZvxfP2bZQp0+qM2b67TJnVeNES0pXdmEQx1AoWmtUdB0pGrY7kbhJzXr+O1iLPEm2qRkOgzs5c2hsaHKgpYseDp5geNskuJ5xEDcUhvYR5xjAZ/4rLBgosgW5U3cJocAoIMmohWYfKaQnEY3bfDNsQ+oAxWbimofQJmn0XadX7S3mkzgW7h1JQDoW7Cb+FaqahJmiYlCzxl6Nt8qQy+zZCbPuVrb5uFUIwsxDomXgLCNuCMcnYBhNWveG7TgMqIa8KdznR9REXGJmNXU8BZjr7c0gHanvqbzCaBYuhHCghIKP6xszM7bSbHiNb8yNy/yRxsszIA7SwvEzPvxmSmiMyEkhSaBN3pxs5uMqmud5fCMbz9OYzQTuptvjjf0VaJbcOOqMfJMtjx5KCwPnuT/fx1vFAYaGyWKqKhui5ti+o5ojBvSvVNn7LOEEUK0VBgjr4KIU1GcD9izv4l3eUxocB+YQZjGGGjyaBc5GBRur31obDG0/2ENWhlARbF6IpUUHMlZ2wTpj/kOFNwVumE13Ztd+XQPFjM6mu683Myv09wVU35jCc91S32OeUzvsGN+HZZs4XuJh5O1vfXMJo84s0RKEIr5C3zyTx
66/zUWGUb+TeiazrdD8ovOttP5l+nt8zU5/2spVSjQ1vmRH2FDxox60eivSRa6k7+jj9Z6G6ROJnbL3W94pPLtSgE06TNwtuMym9YM4o4DbcNbfL6MkJsr6kEk5gjBnr8y8tiqV6YrjrwZAguq9uFc4wjwXZM0jPUScgUm7bY9fZr0UA110wpBI6Y3O7fTcVzdtCdAsbuoMrQB6xXFje+1RGXd37K0jNrIK46r/q3zydbj5dssvI2CXZZ8/rAWtE4rEZ2CzQocBDNIi1ZhPbUgqLUSCmiHcant2E/VLI01bnFbdnP/XxOb0IoJo7+YBHL/8/Gw5cchSCm4rlt2gQ9tq053RPD0NPtn44y05qvUPu4BNiapP7/9aSQqwm0dYyNZaOQQ11b7W+pY+31zqicQLp12BJ2NnxBf6q7GaBlXslR3hks4ZWNVA/mvhGges2SYkuIKCt3w23HQ81yGULiD0CSfCP9YDCbWsieDTBe9PN7svBPa4yqWWVedbnw17DkkhoMYRz1L3vqo28TOzbMdcvDowrrvFr1KLKuZQCaklYW9X266ZX6RAc5//+WMth3Oe0UlrP59zJR5JhqiJmPubs5XxybgKle1jE53suOPEcIWrtOEHKgTfa2wIxVr5MdZNT6c6eqdnlQ9ldOBZFuEKf8fC0AoJ12CA8o8urLCCqCVR5N23ahBs3hD3UhuC8JyqgwX8PT7YX/7cm0aH75OPoUBBtrdll7HBogeUIJake05MjggrjGjR+/Csl4Nc9sGeZdRVJHHbjidHM4igd6EuhY3rBG5rV6rhMjXuWkda21JkiV62p4tZcuhf0yJD1ET0TjOIwnsEiKjQsyj0QkxY5HUNti47KkUqI7gWM/4kGXBNLYxSfNkDUSPams2/aZYI+B5Bgd1081aoDrISSL8pPHF7ir+5DCFyAWDQhvoFsiwpQA1iI8TIiKQD6gSOPQHdUVjijfCbWST/3x4NwYGaqkMSjeXZKwMVC72bfTa/+MtEFsAKX2iP3EbtSL4M/B2M7rmgTZ2Dwy9Q5BNWfbIYCV5wXzGVvpOOaYpuiI6MbdMGlqbYzmtIB4hDsoM+STA0cgb260PLP69ruc336Y/xQoXbzJQ/b4sVIouRISOlLHdLNXoogWsSAx6dZrwJkTwIyASykvk4uZhTMxqHBUcgNT6if1pqIylzPGBpLYGF+lMMAn6L3lzTT9xAGVZzGn/ep7lZXMZXfE1amk5RBoiH9S4IrWFH91irMGyJ4O4Mvu5z4A9ntn0mjuf7dGOwUiNbmb+uE2o+1dD8Rk9DZeSdig4/NTtEhuSystVSo9aU5jvDZTX1lMwMrvCZlDRgUUSTeTsxiG341TVPa03F9yV0KPjd+KozNt9wcdctjFZeXygMYAxqt7x50I4WwsIhzf15h62/fJ1kX8w1RrxQ9AOOSgIqkMuF20Yf1FCG8Y9pSzmIUbiyO0SZY8jXZSjuF/mKh0H7zFDEkRhELKgbDv/aWSeIkJwpSoevc36eXzDcqUg55Gf9OvJwPJQKmo25FKwq2xOUfcVHy91fh10vtQ0oyP6R7+tUb0QlREvwwmMfgI9ZJU382or5Znh3tqEZtqSywwOjWjBrPZKyDlFdBz/SnJuksb0pYG0HvVmUVHI/xk3Z9cn0JKjnaNuGtryoBSXOTrQ8aDWUXbPmv4cEc5TZ85Is+RwjRNcMpLLqYELTGPXIlcK1FuPFrbKZLwxyAQtR62oXLUQPiFAmRZRm4nhHn1GlU4OqBQwCrX/I1EVsqX5rDUDozXv1zpv54ln9LKzay2GlArY+cIKIrlWC8MlXItm8R1umlOKmioZVjpPbuRd0km74BDnqDBQAShMhActr8gL9qYnAdOgQ0ZHfO5RYwOhf43Ry3UKy1jjiLhkvj+1gjfg4G7rviW9LPe0v4j8EWlYzvCkehoDyXO4ASTgsP111B/f9lGZBWO/v8JBspStOkoaljYWC5MDChayPEi3qsz4N6qIp074o3
iZ+AL9MoFrslNQ0Iyk3nNSBNtF+xhR5a4qpcpV7Mwk/s4GxS7W6Aae6LNnHLztrRY0brUEjIvJ2YnP0hwy2
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T10:54:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f48d8-d130-4537-9e97-4958950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T10:54:16.000Z",
"modified": "2016-04-26T10:54:16.000Z",
"description": "unique .js sample",
"pattern": "[file:name = 'FAC1016192016.js' AND file:hashes.SHA1 = '0c0f824ae57cb6cbd05dad0c991e3e42635fbbff']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T10:54:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f48d9-8a74-41f1-8901-497f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T10:54:17.000Z",
"modified": "2016-04-26T10:54:17.000Z",
"description": "unique .js sample",
"pattern": "[file:name = 'FAC1016192016.js' AND file:hashes.SHA256 = '6ae3b4c428b4aeffa71b2bcfe6a97f636fe1dc8c22a5eb5b0581854e40c7235e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T10:54:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f48da-3890-4c87-acc0-450e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T10:54:18.000Z",
"modified": "2016-04-26T10:54:18.000Z",
"description": "unique .js sample",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIAMlWmkjPrhuEQR8AANI8AAAgABwAODNkNWE5OGQyZmRkNDQ5YTRlNmZjODY2NmU4N2MyYWRVVAkAA9pIH1faSB9XdXgLAAEEIQAAAAQhAAAARWeh50BXNsag9VE9Yzw4UDugEtaJOBpb+su+GLQDrVm7jj3C5K2lm3kt3TBfy7KoXNAiNl+WT5xXIlwvvS1X7At+ZM1IJaudGvwlFID5Jbh9SPcyOCBka5+Ie9u2EYIyQLSd/pjolAlN2EWkvupJ2UuIoSzKXdjJSG0rZfnjY6AClEhVY93zjllQvj6bPoqTo/tgb89dp0UzDapVvVvyYzmEqbKpZXhACDsXM83GXhRVigVQV/44rbdATlZKOT4UV86UGu/0Le5T5v5Ji9pbLN1ILz4dm6AVh2m9j2XMnNp0d4ODkyQClgm/QZJQdpi4+nxaSMwCKsg/gU/YwFqlON88vmE1xfwRIOKhxWJ4BeITOPhfCwawbCj2ymgl8BTsJHLDUTJ2kT1x6H+D/MQGKEWzB6bWzc+CRmYILU3s3SD7xxigrD/TdW1wxstGP616MWgXLaYgXppLe1JcH3zTUra7P5WY97FVVOGELPfL5ZP4lT818nfZwbnMYOly7lpS7wQP3/HWD+9yrjdmWhxELT/Udtn88ORoGoih95slLyhk0xIpBACUTe71uW3k0/EJtDK9WmlP+F7DL8ic81G6nh265jwVfrH3LrZwFImcrXQMYptH3ehzlq+3fpzDY2PPa6ZXDcm2L7GhRPLC00V0GbKmSrEVKoQybBZPz/R6PFcmu7LZiCnZKYnY773oxoROZx1GbgbUZzf0Yoqv+CUpfE71PuSB5YytM1psiVo5P4AcJppgkTIM0iDtg/RjbNeueef4UFOqR8HMGlpAOqs0TkmKpOhg7AM8qDV8OUABtgMrolSj3opIdKbPyu27j1bNwlYZh2AN6xJZEq0io5DrqaL2mITOYYoToyI+UQuHCBA/C0HvQu/vPTbqTjqf0AOk7Huu2GqTD4Plz0j+DVZ+bQvPa86p5ejl710zCz/x3AeRpDG1Uhtoeti6xg/UrO4yJ9KAzHlpqq1toPSpV9JsIiXktrOfyiljYb8NpeYiEtg6JHEzqrfxRcnhVgR0kRTYAfKBJwUP3bAIf43zzaZk7T0jZ5luGdWR8u5Dkl3+3Mm6C31Z2PjQ2cNsKMX8PLNERzBiiwowkFdok0JWtwnep4jYVvuzHb3MGnPZo78KCWTUPIabUOKvM8IH9lYokZ8zzXFmSjSxmLbHpPYiM2t8w1MwIon+DWti9LcAqXOEfd5l50EVvlGM6PqQmpUcxnpcib+1sHdxYx7Tt8bLNxveP67+blWuSEQF7e6jpuvqogQZMIZKTdWad/tVxvLsesXNbrZFYZ4+nXcuMOC4ZEsJcBZyW3/xUfjCyEuXGxinnoXpmSAzs3F9LiPMJ7+dql+HOMYMuWcwE9nuTYyjU8sSfE+kDnLcho7Ad6NTWLdZbuDfH1+OQZ9b3saFAFTgMHgQu9RETF/h+6ednTDdMvGLzldHbmg9qr78BPNDzvZxaEnZcS2qzGKHDB5zqIdc4SgB1xQWFM3X8MD8Nwl5EmY8LfyBwJLs5QSwshrvSXvbzfsnok+S6uDhuWGo9xxy3j/Z/xUy2OFfPesfqRw32EqJpgcbjcJKDIZdd0KEAB5ZwXByMJloZK9mcbK05c1C4zQWECHkHw9QzayD1J9/YgePOn8G13hcEC6ASM1111Hls7sdXnJHl7dvp1bW9KF6mjijAA9KYtAbVH9261bkjLx1bYZ+F6Er755ahd4B9JbWwHwCC+xkFtWrdcZ72sAfOX8KE6KdYd9qVJLLXWYdpaWPje4vOT57dgrqk8XzGDjNW0kZE8OANPNWEwdo1kCxmjN6sbQmj8Xg4tCDbisdFTE/O+nmErMFaPp2OxIwwQ7x3eC
JizVmkrXctASrr02ZPJG7hvuMsUaGn9Y/xGjh44AbuBURGr/HEL9yG4i/m8PYdEPKC+lqiO+BPqOmbBtSvSvl9zJPz29ZjPKBwQYdNqjF23Ta3kClInDvCGqhjZ2tffJJuwoNZk6BrR13d7SrhPhje/CZ2TuTlcq/M17wbkujzVLGeow3CmHptKrKbft9V8rpmJYuiqFR7wdWQfNSExhe/Xf/UoVbgWn49RK2gvM1CV2Xcc/jfrzaUOXZQHu5D1kdglXky57zQVVq/kOeAZIoLpZyIlSoAVHSgA8PtFna51FabujQeK+2Rww9K7YHbnn71B8Jj2aGoM9UujGXjRFEpYeZaF79bTkQgvIKACPVMxzXoWGY0DofYUpjj7jBzt6pBLYn/RiM+t2eUZLC4Xm1sjHdKRggRJZWYBrT5ATGEz/0OvsEt52WFhnIWnVKnxnVPrfPn3/Z0AfQuV7HL+jPUrUFSr4eoEKk9mxJWrVCLkWeC11UCiw8XzLTcOwHxZJbqSJBG9RaBFMqy5efw/5/u2gWtVuD1HoWP0X+VavUyrfvTa28ANg0Tpr6RJ06pOPIy1JYwqFIMJ1UuijpPlBxg59vqd3qL0bb3mP2SOrL3kJDzLgYd7am42aR98Yo46jL/ek5ATk4U2oY8MQ5Jksa0Dgl73QrDR8Yva5/lIvs6iO1NEKx3OZrPBSqYJT+SmamXNTSrzB6sTXMSZkdDlUWPMmuNUl+vTatAPpUmX/g64NaDOt/Vx3yzxuBnmX4zjNza3at5+cBy3AaSFqhn5dt932aA9Bgsj1IkhfYoGkqWksarHAYqoPZ0NQhRutKWkwKeXy9I8XHmvy+DhzSxQicjEQlO65FsVEa5kUr81pZdK6zG8BI2X2ERDeiZxOMpPvvqC0vFfqRp12CjWBOUrDTS637K8NyLkKiF+uk+p0FcwhteFqkj8Ony+btbXhOZMnXMzT5FbBZJI3TRt3dFzBgtKW3VSEnIMq/PwKeuzGmlYOkOgyCoPAmaPkCM2lIJkD9PyPiQAdcwa9eUPFaMVmRyxJhQFSFsOAwYoAse0SAtNWWK9I5aB8KvQ71NQRiiJqojfHR9F2766MisF+i/UR2OsqUgYr6MXqkoB0u2085VM0FBaC9WX/CFeQWMZyoopNvUl3kbn45EYSYx8t3QuDsZJiSZ/9hmQVcgPc+oY9ha5V8L+vLD1XtJuqf6PNBqgl9FHvFr0CZ5Sqvo4HTYqRfZYYkEgRxy5Okd/MextbwH261xttg1mwereh7ie6ZyoAia7YXrqVlvIB+SpDNQCTYt3ybqUYTMaXlVpMz472uhz2YczsJvKECG87tVvYSriacU2dWlPeLgxfzHS+6Vp6pLhtGVxc8jPXAUczxvdW/slS9j87vBjFv16fgGGy8kj3uKTiPnSK3xUlZrQr1ULxUZI2YWmAfu65NllHF3+qoi/VMFWbDJ/W2T6oHcjZSVk7uGAF/sDxAs+WTPN2IURZRZOAjjnFrp6WbWKpQDS+ddhiUCL6Mr3GsjYY4+CLgEDj5oaYp4L2MSWZ1XjYzQuMx3zoKYmQ+wbosIRUkLLtwh9MIjCVSl1y5LM6CioGFZYzJ8wNahIhfpPXuc6gGjHryZgvifmvWNuAHxAJ7ccBVtrfhL6r7AKGcnn9RZ3nRD/WK8SnOtECql0415QkWRh7GQqqJ5rFYqrXzgOs8HV0JunctCZa/bnAj5hUqDq7+6UTw6MAVXmNNz4VL+HNiVDJoiWRIUJPIp46ZdA1g4ezDwhyQ1ISa2oUnShUh5WHwzTB7NkOxgPfb/IuPerkbeWIrLGlsTthfmZgwdstH+MMJXb7FIszdxuBSglSB2lAZtXRku3RIWssblwSK3ubOX2Kj89iP5jMEFTtWHOfnT3i08KKphbYhdwQzJ83akicYVlcpxsaqb2n7WqoTXE9AG0ad6K7O8F/HoJttQr+flTpi4Su8bSruPwh8kW93irHPqrhBaDoNAms3vPKVDbR
eQ6S+YmJiRvmOZsFyy88HoabVhuL59OBP2zEpJ3R7ldTtcF4rwLicCVbWSxOBiG5rzv1bmyvw35ptV+Wk0N
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T10:54:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f48da-74a0-429f-a529-4123950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T10:54:18.000Z",
"modified": "2016-04-26T10:54:18.000Z",
"description": "unique .js sample",
"pattern": "[file:name = 'FAC1016232016.js' AND file:hashes.SHA1 = '308d6c90c5db7154f6f9c78808b7c3dd81912fe7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T10:54:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f48db-e454-43d6-ac82-4f84950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T10:54:19.000Z",
"modified": "2016-04-26T10:54:19.000Z",
"description": "unique .js sample",
"pattern": "[file:name = 'FAC1016232016.js' AND file:hashes.SHA256 = '199f1721347c5f68afe67382a35597a4b0232e62696a15d56a68da834749174e']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T10:54:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f48dc-f60c-4d13-9860-4649950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T10:54:20.000Z",
"modified": "2016-04-26T10:54:20.000Z",
"description": "unique .js sample",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T10:54:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f48dd-bcf4-43b6-958e-41ca950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T10:54:21.000Z",
"modified": "2016-04-26T10:54:21.000Z",
"description": "unique .js sample",
"pattern": "[file:name = 'FAC1018242016.js' AND file:hashes.SHA1 = 'a71a8e93cdcbf25f9d46e6af19112bce462dba7f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T10:54:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f48de-0bb0-4a46-a48e-47ed950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T10:54:22.000Z",
"modified": "2016-04-26T10:54:22.000Z",
"description": "unique .js sample",
"pattern": "[file:name = 'FAC1018242016.js' AND file:hashes.SHA256 = '6dabf14a55f9d241f774eab95869ceb66ee9165e318ad3ef440ef75918136906']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T10:54:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f48de-e3f8-462e-a0c8-40d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T10:54:22.000Z",
"modified": "2016-04-26T10:54:22.000Z",
"description": "unique .js sample",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T10:54:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f48df-1718-4a1b-9e39-433c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T10:54:23.000Z",
"modified": "2016-04-26T10:54:23.000Z",
"description": "unique .js sample",
"pattern": "[file:name = 'FAC1018252016.js' AND file:hashes.SHA1 = 'cde8d5f54a5d96897e0647732bcf3e0e1479b530']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T10:54:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f48e0-d828-4a4e-8328-458d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T10:54:24.000Z",
"modified": "2016-04-26T10:54:24.000Z",
"description": "unique .js sample",
"pattern": "[file:name = 'FAC1018252016.js' AND file:hashes.SHA256 = '0a22988c2ddfd6e79c2f7ec3f41664b177058c9559de0a7cf5f36541b4a4934b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T10:54:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f48e1-7220-43a6-9f75-406d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T10:54:25.000Z",
"modified": "2016-04-26T10:54:25.000Z",
"description": "unique .js sample",
"pattern": "[file:content_ref.payload_bin = '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
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T10:54:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f48e2-c96c-4386-b366-472c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T10:54:26.000Z",
"modified": "2016-04-26T10:54:26.000Z",
"description": "unique .js sample",
"pattern": "[file:name = 'FAC1018262016.js' AND file:hashes.SHA1 = '3dad04df573cdf69daf1412a4028fff2ad9f4e9a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T10:54:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f48e2-dcc8-4db3-83cc-4ff1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T10:54:26.000Z",
"modified": "2016-04-26T10:54:26.000Z",
"description": "unique .js sample",
"pattern": "[file:name = 'FAC1018262016.js' AND file:hashes.SHA256 = '571ec352e3ce457461abe7f50e662ba967565f053b3862a77edf2f2e5a49efb5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T10:54:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f490f-f884-4ef7-acb0-427c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T10:55:11.000Z",
"modified": "2016-04-26T10:55:11.000Z",
"description": "download location",
"pattern": "[url:value = 'http://uk.spartanburg.cc/gimme/some/loads_nigga.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T10:55:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4910-d6a0-499b-84d7-4c85950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T10:55:12.000Z",
"modified": "2016-04-26T10:55:12.000Z",
"description": "download location",
"pattern": "[domain-name:value = 'uk.spartanburg.cc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T10:55:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4910-3b68-4294-9711-4d32950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T10:55:12.000Z",
"modified": "2016-04-26T10:55:12.000Z",
"description": "download location",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.223.88.208']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T10:55:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f49af-ed24-4a75-9883-41a6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T10:57:51.000Z",
"modified": "2016-04-26T10:57:51.000Z",
"description": "mandatory",
"pattern": "[network-traffic:extensions.'http-request-ext'.request_header.'User-Agent' = 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022)']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T10:57:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"user-agent\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4a6f-b3a4-4f74-8e62-4727950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:01:03.000Z",
"modified": "2016-04-26T11:01:03.000Z",
"description": "payload (PE32)",
"pattern": "[file:content_ref.payload_bin = 'UEsDBBQACQAIACJYmkj7nITWa8wBAAAIBQAgABwANTA0NmI3ODU4ZjU5ODNkYjU2NGVjZThiYTM2YzI4MWJVVAkAA29KH1dvSh9XdXgLAAEEIQAAAAQhAAAAIFWUI+taSWvNs4n08woXEbd2JxpzdPAatsoDXRRPD8Ea5FGEivtKCP9Yfn5T+i+TQwj9tcbDJOYu0/QY/FKCmN6E+9qrF1yDjVnZFk834zRBoYLRtDdDg55Aw53sA2DwPv8KAkb+wnB1eNy8gLD/U1Ok+yYJNQYh89txBXgRdwwNpeUNjkabwwzpFrj7WmLTc8LQ9nM24yqnmO0TB1RRi+GnOrGVtv4GwdTLagU00VWJr0n+3/Zw/eBoDSVDXRiW9DH2ljKAQDuEzSPfPHHY+DUuuulCCyCD0IFJNL6q/7dnVoX0bP7zjPfvcOGg7DzlGrBPSsYlHWIn+q4MM451czkeQNIwkrpSxTxQoLTOYB3tS+SC0cBQmp6gYEaLPhoguSmFfY4MCOxWL1ifNzUjlIjM84qjwkM1eXT5N/0nOpV03iyGbqJbg6Vi5x/XI0qkXp0vjmm8F2syoHFlXki8CJ2xcIlLLRb++zeRX3bWEGXwwDPGRRC7o/j5PkkTu5UUn5rsPOW1wIgSCTHxtmr6/qt7uQ5EHljl/PQcBLy65Bdq7SHGIfu43eNJnNgl/zl6Dd7kniDME3ckSmhznt4Y67aIoPgR6LSodINqJFN0DHkWkLUkxc0BMSGCpaHcCfBoFDt9bsS50l/PtyVcun1XxtRCgkhqVvmI+zaM0XTRr9Su0mE15ip5i9mGFTsU/09MI/4sxA8Jd2MNuwV8olwVHngggskPuX8YrQap/ajQO1h+hxlbiyGWvuBKzT+Pq5lo4M8TvmA6Il3lytg7xdBvOD4N+bNdzUBIZEwRE8bBGCkjPqdV2jjRTSJXuzBuLnfc/u8/zQH4OoTSuyl9mMauFoTh1JdECCM1U9WzqNcr9z80ptQsUzwey5qIp06nZl7ZfQZAyOauD3bYShjr2e58NV8vTL9w1I7x3KnI4FXd4eFyJaA+hPa3fzVib1rG91sVbhPiQo88uIMq/PUEdIOzrw8tg0CgvRVjnN30b2S7q3IfJ0Vd7TCZMA7IWBKoJ5wRWRRyg8KCzDIhfM8ZHF27EurXCQSkZw1Fvw25LwMMSUPrQoIFAw52uAPa8JrLFXnBOMaAVrh5TIqOulxjdrzAdtJCICOOVT5ZC48h0w5m0Wr0wA3kCLeKWc8asif0s/7OkjG0GJUvR9jhjo9Vz07GzgQoiAG3m7t6cyRvO/XKLOal+5x6CmZs7Az2kfcZIp1Anzv4Xfmuyl8luPhs5eqef45geOaBlHmjFlhR+7446J9hYzLkVl2FkNtcVF++E09lATuLYO8WLNXBQJP+ZBZiE4IfySD+8MLmUVVVCpMGvATCcv4ENFbIz97MusiGd3UCZoQ6bLwsvXgRGYO2qBw00um3zZXOqIjzxoYNg9rJqwrrFzNRP7fVfixx5YiuFU80DseqDJ9O5fUln4L8uS9a5GGBsE2sfvzEMnp214MiopL6GWQOIqGzU6pVstVGPQ9NEcY4geLFEiLSWSoxi1dLjwpAFKtzJo1cSBvsJVaSKPIKpVHsRBe1qC8EmSyCCVZijQMANRVqVba9+FE4fnEO4FZbCp2HXuz3F01pKRB7Wll/9x9V/FiKhlGQ/qOtC7en/amGNtiLuSH3OTWAOhAo65v4LcubBKUNVrYRzqY+l8mIycN1zd19iYMLZjkIKdlWvZ9/HjS8l6dR1N8rrkyA433onyXCxIJL8uWOAbJOHeU2wu/lZjq5BJsBiarvHAnZe57Ml5dvsQByrFUMZCo7KOMdVvXIkgQIp6hek87xfCs2qdjZT7ZY5NblpuMuoyiJYN9xE7TW66a6laZ4pUIFPhELzrdTgc4sWtBFQ3YDjmW
NfT/4VD5QxguTfpnv0Dt68H9c0stNMDqgRwPSDVFouJYh0azdG5FoXqfwT3LZXXndZyHb2s+DuXyecjHb0vMfudF2UdmYmFSP0lMnWZmPBZDmW3SnBWFVKLt2i/AWNbT2aMm9IYkfRMP9KJSSeLiX05udd7c/IKICDzHyZbI0YlGUKsygTHz7kdMC8EOtxso2I/Ftyan3InT96UhRK9ly7Sa8uC/5AjOv+KoqE3RsXGMunarTjHe2gq5/ZmgGWwCtaRqUcMxz59G/UXg5EIeQofWczDIamaSDjPfCOuklbGoJHaZ/8HHyrTwdRklGlDJllvJrZe1RLtsjPuKYeTh+sc6J2/T9EmTGUHiWjdOjDnvtlJeDJA93k1ZvBOfSDJbEJntBDMtXEJ5rNkOp9wv1oUe0ByjJKsZAV1Y/OqA/+v6vxe9UV7AyfrpwL9xBDKmArRMcWQ7wtzM35GYtR/eRdSzaZ1fYm+Op78SjsMvXZTfCrxXuNdZ0YDYdvsGgBPRpqtIJJ36PY5E/4ACyzHDm2HZ6jIdhiLc80U7S+fCe6UZnk6uhQmZtAN3Av1JOrGdVTuezgjPrjRzJdmtu5MXBUrHSSGE2UcGKcR3uOBqTly/cdwt7nB3ORW+/5Qf6Xm7vRJsiFm5+TZNTrK9h0r8dxPhaXqFQDC1UOsu6apDuMLVIqzg7sGNYcH1Qf2QI4tOUbVNBBLKdXU8liOu1Dk9GgYgixV98nLV+WqSi0iV8X4XtI46KCiMYlYkrUKh6gGEsCZz8jjsFvVSDAZdkITKYcuLIIv1B8LT5eTcsJN+uyaGj4EIHoeaeh56ANfr/kTDrfXPIm/FJ3ztUe2czqcqZ0zSpLES9TvUWwmnPG2ClJ0kdCZIdMYNtmTKwolajA8MjuJlIbcrvbf47bqjHV4k8gSJcNDGF79iA5CUW/FQUWeO80VBTV5IohfBpI/uUtQl8Ckyvqpqks3Zqe75Nwq1NK5b/ItjrFKeXRt6HBHChDjY1H75stYgvbCmldTP5ffPR3T2GzrrPh5knz6I/6U3jIFqYTj+mOColJO2ikVQNyEz30NHkVKc/Y4uabv+oAoGWnpCkKcZkaWtvqMp4jfZ6Hox6nrVZc26HOP5abImnTrvRlonGDCtN3Pf+pqAootkGigrG10imAAgUN1oeaqMIdh1TBssRIJ7t8ae9yzb6JJgANxEs5m8ml1ZPWdn4Hy1kk2Mi+qGCxPIq95R52PQDrFP2vh1buy66eWVvma2qycMYiUgN3lx5SvN1UPN2ls7jChaOJofivehZdBe8uD5tAsSnYX+JQxTSKQnBjLUBsqy96DpEXieU2vjNoAD5oTBFy9uyuVLx0NDEj84QIJWbfIcU/1jmO11PbaVEhVqLhNYgm8fXfNNNCF/eSzUo8C8+aBh2bDb6TDk+VG05svB5ROrSGkRNahp/q9rpI20m+6C+Ii4pp5zVzh1hT5DH3OJqrc0f/4dB/Ij7dPk1K4hUAjp4FbRj+oJ34X6l7s4iVBNM1wuIDkMfm6xWsOC21vchiM5evpS9EEYN1Qc0yUtkp3Na9lMH8YtFiVqjFGnPHuThA00PwfYn+zcu3xPt/Wf1fKqDMEfYSo3PWmRIR8xl4HZyVZL0nAeyhdDhoeXgzRq4453GYHNq9vkL29DwxhWucPcbxQxW0T3jgt0u7job75qlakpVt/5+44X0x3LN5M19qM498nuFcl2qrkUfRLjQBFFVJ8NYiEminakH+aMwLT28n2CrA9SMnkPnK58MYshHCUAcxmVS9sf7FWgbRfSPOWpGtDgnX1iYJaviD61PHs1L+VId8xNfK1Ne8vW11DH8o/BjrMdYcxTKKyY0+05FHS5vhbBgq1lClGmEkLDbbNt3fuZPmZ9bFakxO+7/8LZhvcOxX4DKEozdekNvs6+Llh814EaGKQCi/WibMNVNNLcaJec6EkrrUjgxV+5Xs/fXoabNItba8gVLU3kAKMoA5pCqaenCNUpKX2X
9xUWqiLhw8YDDCguFtZz9HZ09RuuPpynBKA4gQ/UWTYs+BueUp7B/gJ80ji4L7Jlhhxf+9u3RTEx2gHeDbe
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:01:03Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"malware-sample\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4a70-b6ac-4124-af32-47c6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:01:04.000Z",
"modified": "2016-04-26T11:01:04.000Z",
"description": "payload (PE32)",
"pattern": "[file:name = 'favicon.ico' AND file:hashes.SHA1 = '655bccc9f20aada1bf9dedebc2afca46d9286a92']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:01:04Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4a71-ea38-4968-a339-4b40950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:01:05.000Z",
"modified": "2016-04-26T11:01:05.000Z",
"description": "payload (PE32)",
"pattern": "[file:name = 'favicon.ico' AND file:hashes.SHA256 = '0cb971685a8229b9c8a5c8302804f09b6c1a73dcde1cfa842323e5c1e5bd7183']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:01:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"filename|sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4bdf-93a8-495c-b631-4cc4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:07:11.000Z",
"modified": "2016-04-26T11:07:11.000Z",
"description": "On port 40443",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.192.1.171']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:07:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4bdf-bfb4-4cc5-b3ae-4cfb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:07:11.000Z",
"modified": "2016-04-26T11:07:11.000Z",
"description": "On port 4043",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '210.245.92.63']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:07:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4be0-c364-44ca-9415-4319950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:07:12.000Z",
"modified": "2016-04-26T11:07:12.000Z",
"description": "On port 8043",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.9.113.214']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:07:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4be0-6488-473d-88d2-4e66950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:07:12.000Z",
"modified": "2016-04-26T11:07:12.000Z",
"description": "On port 4033",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.245.153.154']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:07:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--571f4c48-5b74-41a5-9615-4ac8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:08:56.000Z",
"modified": "2016-04-26T11:08:56.000Z",
"first_observed": "2016-04-26T11:08:56Z",
"last_observed": "2016-04-26T11:08:56Z",
"number_observed": 1,
"object_refs": [
"email-message--571f4c48-5b74-41a5-9615-4ac8950d210f"
],
"labels": [
"misp:type=\"email-subject\"",
"misp:category=\"Payload delivery\""
]
},
{
"type": "email-message",
"spec_version": "2.1",
"id": "email-message--571f4c48-5b74-41a5-9615-4ac8950d210f",
"is_multipart": false,
"subject": "Schmidtke ./. DKV {number}/{number}"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d46-18a0-42e6-9205-4181950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:13:10.000Z",
"modified": "2016-04-26T11:13:10.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '1.129.96.214']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:13:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d46-1a50-403d-833b-4ed0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:13:10.000Z",
"modified": "2016-04-26T11:13:10.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '1.23.100.253']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:13:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d47-8c2c-47e3-be2a-4a00950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:13:11.000Z",
"modified": "2016-04-26T11:13:11.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '1.39.34.150']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:13:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d47-9940-4638-91d4-4f92950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:13:11.000Z",
"modified": "2016-04-26T11:13:11.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '1.54.137.170']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:13:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d47-1494-435f-b2d8-41d4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:13:11.000Z",
"modified": "2016-04-26T11:13:11.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '1.54.34.69']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:13:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d48-8b98-4ed4-9847-4e03950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:13:12.000Z",
"modified": "2016-04-26T11:13:12.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '1.55.144.147']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:13:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d48-db9c-43a5-b540-4834950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:13:12.000Z",
"modified": "2016-04-26T11:13:12.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '100.100.148.112']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:13:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d49-fe50-435a-8840-4bcc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:13:13.000Z",
"modified": "2016-04-26T11:13:13.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '101.61.60.112']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:13:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d49-4ab0-489e-8afd-46d6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:13:13.000Z",
"modified": "2016-04-26T11:13:13.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '103.15.239.74']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:13:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d49-0ef8-4d91-88df-481a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:13:13.000Z",
"modified": "2016-04-26T11:13:13.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '103.225.101.242']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:13:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d4a-efc0-4705-a624-4e27950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:13:14.000Z",
"modified": "2016-04-26T11:13:14.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '103.244.122.58']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:13:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d4a-dc4c-46ad-953e-4d9b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:13:14.000Z",
"modified": "2016-04-26T11:13:14.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '103.252.27.204']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:13:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d4b-3d24-4bc4-8edb-4fb7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:13:15.000Z",
"modified": "2016-04-26T11:13:15.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '103.37.82.70']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:13:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d4b-462c-4458-a9b1-40be950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:13:15.000Z",
"modified": "2016-04-26T11:13:15.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '103.38.178.190']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:13:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d4b-24e4-4b6d-89f6-47ed950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:13:15.000Z",
"modified": "2016-04-26T11:13:15.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '105.227.102.13']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:13:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d4c-196c-493a-b1cf-4173950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:13:16.000Z",
"modified": "2016-04-26T11:13:16.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '105.227.201.25']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:13:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d4c-9624-4324-884a-455c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:16.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:16.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '105.96.200.154']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d4c-8ff0-42bb-95dd-448b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:16.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:16.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '106.216.30.49']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d4d-48e4-4823-b1d2-47e5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:17.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:17.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '109.236.38.191']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:17Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d4d-f56c-4fe3-8f18-4362950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:17.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:17.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '110.224.221.122']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:17Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d4e-7c28-4c26-a523-4315950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:18.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:18.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '110.227.80.99']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d4e-5f9c-45b9-aea4-4727950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:18.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:18.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '110.55.4.24']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d4e-6cf0-4ee7-b563-46fa950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:18.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:18.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '113.161.35.13']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d4f-c2a4-48d1-a6ba-424a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:19.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:19.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '113.163.54.140']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d4f-fb5c-4c33-8959-4166950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:19.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:19.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '113.175.60.217']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d4f-8188-45bd-a79e-4506950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:19.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:19.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '113.183.246.19']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d50-3ff0-4cbd-b7d3-4bb6950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:20.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:20.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '113.188.154.153']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d50-42c0-4ab5-8e40-470e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:20.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:20.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '113.189.63.118']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d51-f068-4efe-a515-40d5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:21.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:21.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '113.190.244.34']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:21Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d51-488c-40ec-8982-4f38950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:21.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:21.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '113.190.46.158']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:21Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d51-50b8-4c48-8c94-4517950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:21.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:21.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '114.4.132.93']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:21Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d52-8d90-477f-836f-45f2950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:22.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:22.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '115.110.83.195']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:22Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d52-46c8-4efe-b516-478e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:22.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:22.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '115.249.138.69']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:22Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d52-13c4-438e-90d1-4602950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:22.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:22.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '116.101.10.218']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:22Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d53-a428-4789-8a87-4961950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:23.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:23.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '116.110.113.222']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:23Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d53-6ec8-4694-8dd8-43a8950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:23.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:23.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '116.111.34.187']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:23Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d54-892c-4699-bb61-4e76950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:24.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:24.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '116.202.32.122']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d54-89e4-4fa9-a59c-4928950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:24.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:24.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '116.202.38.118']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d54-f6f8-4384-8a88-46cd950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:24.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:24.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '116.74.215.237']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d55-02cc-4b25-9209-457e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:25.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:25.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '116.75.23.11']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:25Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d55-d81c-41a1-ac47-44ff950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:25.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:25.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.193.141.152']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:25Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d56-be18-4e13-9356-41f0950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:26.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:26.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.193.157.93']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d56-f414-4533-9005-4177950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:26.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:26.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.197.83.245']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d56-56cc-4c2f-8443-4ae8950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:26.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:26.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.203.223.230']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d57-53ec-4b8d-a009-42d0950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:27.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:27.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.205.175.219']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d57-7f60-4e53-8cd6-425e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:27.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:27.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.206.244.165']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d57-8cf8-41f2-9614-425b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:27.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:27.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.212.48.173']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d58-93b8-4ed9-828f-4bad950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:28.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:28.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.218.54.156']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d58-958c-48fe-880e-4cdf950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:28.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:28.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.244.86.133']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d58-78d8-42e1-927c-4997950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:28.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:28.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.247.252.162']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d59-1c58-4534-a146-418b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:29.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:29.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '117.3.243.19']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:29Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d59-42dc-4bcb-95ed-4eaf950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:29.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:29.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '118.136.221.119']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:29Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d59-a27c-48bb-abd0-4cc4950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:29.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:29.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '118.136.227.23']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:29Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d5a-7c20-4763-82e2-407e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:30.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:30.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '118.137.158.82']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:30Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d5a-7804-4410-a23b-4711950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:30.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:30.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '118.68.148.55']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:30Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d5b-dfe4-45c3-9b27-4935950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:31.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:31.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '118.70.162.87']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d5b-8bf8-4aa3-a0b7-4d30950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:31.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:31.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '120.56.34.226']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d5b-32e0-4b6c-928c-47d4950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:31.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:31.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '120.59.198.25']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d5c-6318-4c0b-b7e4-4b38950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:32.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:32.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '120.59.79.170']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:32Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d5c-6f7c-4c34-a6a4-428a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:32.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:32.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '120.59.84.103']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:32Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d5c-cb34-4c76-8708-4ce9950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:32.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:32.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '122.252.246.26']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:32Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d5d-fb38-490f-873e-4efd950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:33.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:33.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '122.54.25.66']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d5d-5f7c-4d82-b7d7-4d0d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:33.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:33.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '123.22.143.135']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d5d-b490-4109-bd76-4425950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:33.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:33.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '124.125.244.98']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d5e-b5a0-4a8c-81b1-433e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:34.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:34.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '124.195.222.16']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:34Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d5e-8860-4c2d-a348-47ff950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:34.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:34.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '125.164.11.238']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:34Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d5f-54c0-4565-8a47-45fe950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:35.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:35.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '130.204.18.34']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:35Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d5f-095c-440c-bb83-47b4950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:35.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:35.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '130.25.179.163']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:35Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d60-1a24-481f-be92-4d45950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:36.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:36.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '139.0.217.63']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:36Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d60-6a54-442b-8408-4379950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:36.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:36.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '139.190.196.120']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:36Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d60-9bf0-4d80-a091-4bdc950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:36.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:36.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '139.190.32.158']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:36Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d61-0b0c-4234-91ea-4ae3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:37.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:37.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '139.192.43.19']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:37Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d61-9998-4a72-ad29-4235950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:37.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:37.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '14.139.121.70']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:37Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d61-88b0-484c-9c41-48ee950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:37.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:37.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '14.167.233.167']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:37Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d62-bfe8-4a10-849f-410b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:38.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:38.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '14.167.64.3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:38Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d62-3968-4892-aa54-49c6950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:38.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:38.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '14.169.53.46']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:38Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d62-3ac4-4ed8-b2c0-4f19950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:38.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:38.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '14.176.117.6']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:38Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d63-a2fc-4967-bb14-4bb4950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:39.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:39.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '14.186.155.55']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d63-7380-4d38-9aed-457a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:39.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:39.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '14.186.178.168']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d63-e98c-4c65-9fc1-4ee5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:39.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:39.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '14.188.239.236']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d64-6b04-4f75-b87c-4654950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:40.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:40.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '14.192.159.210']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:40Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d64-dadc-401b-9570-475b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:40.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:40.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '14.192.213.31']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:40Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d65-a364-460c-82a9-413f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:40.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:40.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '148.246.194.109']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:40Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d65-a68c-428b-9ce9-4f4b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:41.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:41.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '150.129.126.153']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d65-238c-44aa-ac84-48b1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:41.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:41.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '151.232.203.30']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d66-9fe0-42a9-bce3-4294950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:42.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:42.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '151.29.148.17']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:42Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d66-06b8-408a-a96d-42e5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:42.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:42.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '151.50.72.251']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:42Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d66-2f20-4c87-a69d-4225950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:42.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:42.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '151.74.247.169']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:42Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d67-ca5c-4149-9cff-4581950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:43.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:43.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '154.122.29.75']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:43Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d67-ab7c-4d26-bd2c-4fdf950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:43.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:43.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '156.213.70.32']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:43Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d67-770c-4d3d-9b98-4b14950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:43.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:43.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '168.187.160.30']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:43Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d68-9c44-440d-892d-43c5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:44.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:44.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '171.224.215.215']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:44Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d68-4f80-4468-9286-4c56950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:44.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:44.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '171.232.252.80']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:44Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d68-d054-4e70-b2c2-427f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:44.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:44.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '171.232.72.171']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:44Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d69-1074-4f34-84bb-4181950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:45.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:45.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '171.249.85.231']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:45Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d69-bbd4-4cb7-bfe0-41f1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:45.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:45.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '177.136.146.36']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:45Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d6a-3380-4d17-bd68-4bdd950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:46.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:46.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '177.154.220.25']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d6a-7ee4-4b2e-b34a-447e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:46.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:46.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '177.154.64.248']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d6a-d22c-4a46-910c-4c3f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:46.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:46.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '177.18.225.30']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d6b-69d8-4ce8-99f1-4572950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:47.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:47.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '177.228.127.74']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:47Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d6b-4358-44cb-a3e6-4fb4950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:47.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:47.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '177.38.163.122']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:47Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d6b-ab9c-43c6-b7b3-4ef7950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:47.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:47.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '178.214.65.172']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:47Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d6c-5610-41ec-872a-4bdd950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:48.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:48.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '180.188.225.132']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:48Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d6c-9448-4916-90c3-4e17950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:48.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:48.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '180.188.225.178']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:48Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d6d-9a54-47b3-857f-4fe2950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:49.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:49.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '180.74.169.2']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:49Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d6d-26c0-4090-8749-4c65950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:49.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:49.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '181.113.34.230']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:49Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d6d-19a4-4cde-8d6c-4668950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:49.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:49.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '182.180.100.129']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:49Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d6e-821c-4dbb-9083-4490950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:50.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:50.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '182.180.75.177']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:50Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d6e-2d98-402a-a667-468d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:50.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:50.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '182.185.102.135']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:50Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d6e-8878-4951-ae53-4d88950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:50.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:50.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '183.91.11.115']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:50Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d6f-153c-4078-b61b-440f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:51.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:51.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.14.212.50']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d6f-3bcc-4804-adaf-4700950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:51.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:51.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '185.142.42.132']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d70-f3e0-4fce-b93c-4d93950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:52.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:52.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '186.0.64.60']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d70-4f64-4e6c-9b00-4f40950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:52.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:52.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '186.101.135.188']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d70-d200-465e-a720-4b0b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:52.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:52.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '186.229.16.154']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d71-8944-40c9-932c-4c7a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:53.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:53.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '187.150.148.6']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:53Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d71-c99c-4295-ae80-4a52950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:53.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:53.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '187.207.87.125']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:53Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d72-dabc-4dc9-90f1-4770950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:54.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:54.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '188.158.184.68']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:54Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d72-95e4-4629-9ffa-4578950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:54.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:54.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '188.164.30.198']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:54Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d72-34c4-435c-b254-4559950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:54.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:54.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '188.210.191.117']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:54Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d73-21e4-496f-8bbb-4c0e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:55.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:55.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '188.3.245.217']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d73-6f2c-4362-a952-4bc2950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:55.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:55.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '188.4.185.61']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d74-30c8-437c-88ad-4eb2950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:56.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:56.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '189.112.241.41']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:56Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d74-4bd8-4a6d-8a48-45bb950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:56.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:56.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '189.130.185.5']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:56Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d74-45d4-4375-9325-4d31950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:56.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:56.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '190.151.206.176']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:56Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d75-c0d0-40e6-81cc-4c75950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:57.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:57.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '190.180.46.114']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d75-a714-4661-be83-4216950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:57.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:57.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '194.225.33.191']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d75-7698-4997-b9d5-4d9f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:57.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:57.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '194.42.33.66']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d76-f3ec-47cd-828d-411d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:58.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:58.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '195.74.228.91']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:58Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d76-cd0c-4706-b365-4542950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:58.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:58.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '196.29.167.190']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:58Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d77-c0b8-4638-a71f-4e17950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:59.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:59.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '197.0.199.65']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d77-3db0-42f8-a36d-4f4b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:59.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:59.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '197.148.106.53']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d77-2cb4-4a19-adb9-4d4d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:13:59.000Z",
|
|
|
|
"modified": "2016-04-26T11:13:59.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '197.15.58.139']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:13:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d78-5184-4b25-9cac-46a8950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:00.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:00.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '197.155.147.246']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:00Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d78-3cf4-426d-80c1-4288950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:00.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:00.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '197.2.171.238']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:00Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d78-75e8-41e4-9eb1-44d7950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:00.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:00.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '197.211.52.18']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:00Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d79-dde4-4580-96d8-4ffb950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:01.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:01.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '197.221.84.18']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d79-0b1c-4bcb-a99c-4433950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:01.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:01.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '197.237.90.166']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d7a-9f20-4ada-81bb-490b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:02.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:02.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '197.242.115.41']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d7a-2e7c-466a-bd5c-4d38950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:02.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:02.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '197.248.186.10']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d7a-3604-403d-bd76-43f5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:02.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:02.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '197.27.59.48']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d7b-c87c-4cb8-8221-4d79950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:03.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:03.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '2.177.88.155']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:03Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d7b-f2d8-473d-9c82-4a5c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:03.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:03.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '2.179.159.152']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:03Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d7b-f9fc-4e7b-a70e-44e0950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:03.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:03.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '2.182.133.64']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:03Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d7c-35d4-4724-bc0c-4df7950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:04.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:04.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '2.182.228.209']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:04Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d7c-3944-45f6-9fa2-4c95950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:04.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:04.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '2.184.145.76']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:04Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d7c-9284-40ae-9af9-4db5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:04.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:04.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '2.191.66.185']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:04Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d7d-0384-40d1-b3ca-421e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:05.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:05.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '2.237.212.74']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d7d-b89c-4bb6-b9c8-4cc6950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:05.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:05.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '2.50.132.154']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d7e-1a0c-4fbc-a405-4fa9950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:06.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:06.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '2.50.39.185']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:06Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d7e-c5b8-4846-b4bc-477c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:06.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:06.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '200.42.160.8']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:06Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d7e-8d80-4573-9f17-46c3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:06.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:06.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '200.83.193.125']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:06Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d7f-0410-489c-a8ba-4ba9950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:07.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:07.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '201.217.144.19']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:07Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d7f-3d80-4297-a2e4-4d3b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:07.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:07.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '201.217.145.114']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:07Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d80-2158-4f36-8338-421f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:08.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:08.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '201.55.80.222']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d80-4744-4fab-af84-4faa950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:08.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:08.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '213.149.62.29']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d80-ab84-4bf6-b56c-41e5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:08.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:08.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '217.165.147.78']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d81-b1e4-43e7-b5ed-4b1b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:09.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:09.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '217.218.222.99']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d81-e4f8-4264-8972-4080950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:09.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:09.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '223.180.164.232']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:14:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d81-71d8-49d6-979d-402a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:14:09.000Z",
"modified": "2016-04-26T11:14:09.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '27.130.57.49']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:14:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d82-0cec-4fae-afd9-48f9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:14:10.000Z",
"modified": "2016-04-26T11:14:10.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '27.131.48.82']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:14:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d82-1abc-47d9-9965-4763950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:14:10.000Z",
"modified": "2016-04-26T11:14:10.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '27.7.36.20']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:14:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d83-32d8-4a29-87e2-4554950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:14:11.000Z",
"modified": "2016-04-26T11:14:11.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '31.44.69.23']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:14:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d83-116c-4caa-ade5-4e57950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:14:11.000Z",
"modified": "2016-04-26T11:14:11.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '31.59.94.32']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:14:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d84-74d0-4210-b1e1-48fa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:14:12.000Z",
"modified": "2016-04-26T11:14:12.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '36.88.131.15']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:14:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d84-396c-4c9b-b11f-489b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:14:12.000Z",
"modified": "2016-04-26T11:14:12.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '36.88.140.49']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:14:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d84-185c-422d-97b2-49c2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:14:12.000Z",
"modified": "2016-04-26T11:14:12.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '37.114.255.237']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:14:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d85-0650-42e1-89a2-442e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:14:13.000Z",
"modified": "2016-04-26T11:14:13.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '39.36.143.254']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:14:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d85-136c-4f1f-b92b-4a16950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:14:13.000Z",
"modified": "2016-04-26T11:14:13.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '39.37.158.10']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:14:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d85-a830-48c0-bac8-4bfc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:14:13.000Z",
"modified": "2016-04-26T11:14:13.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '39.41.38.141']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:14:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d86-0d4c-4e94-a422-4029950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:14:14.000Z",
"modified": "2016-04-26T11:14:14.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '39.42.40.40']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:14:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d86-3588-4ce2-82b3-4aee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:14:14.000Z",
"modified": "2016-04-26T11:14:14.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '39.55.67.74']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:14:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d86-2940-486a-a71d-46e2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:14:14.000Z",
"modified": "2016-04-26T11:14:14.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '41.105.35.115']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:14:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d87-ad54-4279-b49d-40b4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:14:15.000Z",
"modified": "2016-04-26T11:14:15.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '41.105.49.80']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:14:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d87-48bc-4a78-ab8e-4c63950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:14:15.000Z",
"modified": "2016-04-26T11:14:15.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '41.202.197.111']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:14:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d88-ad70-4bc3-94a8-4373950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:14:16.000Z",
"modified": "2016-04-26T11:14:16.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '41.207.12.215']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:14:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d88-f99c-4807-8101-434d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:14:16.000Z",
"modified": "2016-04-26T11:14:16.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '41.207.17.83']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:14:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d88-33c4-4a9b-a8a8-44a5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:14:16.000Z",
"modified": "2016-04-26T11:14:16.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '41.211.146.184']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:14:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d89-61d4-43bd-b7ef-472c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:14:17.000Z",
"modified": "2016-04-26T11:14:17.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '41.222.179.144']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:14:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d89-4e70-43a4-a53d-46ed950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:14:17.000Z",
"modified": "2016-04-26T11:14:17.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '41.228.211.25']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:14:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d89-a224-47b5-a79f-46a6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:14:17.000Z",
"modified": "2016-04-26T11:14:17.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '41.242.140.131']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:14:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d8a-2ccc-42ab-afaa-4dcd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:14:18.000Z",
"modified": "2016-04-26T11:14:18.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '41.66.12.130']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:14:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d8a-21b0-4a8f-8b67-4cd2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:14:18.000Z",
"modified": "2016-04-26T11:14:18.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '41.72.121.144']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:14:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d8b-23ec-4eac-a76f-432e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:14:19.000Z",
"modified": "2016-04-26T11:14:19.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '41.82.3.208']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:14:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d8b-8080-4bd2-9a9d-4e22950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:14:19.000Z",
"modified": "2016-04-26T11:14:19.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '42.104.70.53']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:14:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d8b-c488-4c52-a373-41a1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:14:19.000Z",
"modified": "2016-04-26T11:14:19.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '42.112.177.131']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:14:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d8c-d308-44a9-ab07-4007950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:14:20.000Z",
"modified": "2016-04-26T11:14:20.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '42.112.67.99']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:14:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d8c-ff24-492b-91e9-4062950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:14:20.000Z",
"modified": "2016-04-26T11:14:20.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '42.116.118.177']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:14:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d8d-7d3c-467e-874d-433e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:14:21.000Z",
"modified": "2016-04-26T11:14:21.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '45.210.164.97']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:14:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d8d-1b50-4bf7-9e57-4b80950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:14:21.000Z",
"modified": "2016-04-26T11:14:21.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '46.10.126.234']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:14:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d8d-84c8-4006-8a00-4469950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:14:21.000Z",
"modified": "2016-04-26T11:14:21.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '46.209.198.242']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:14:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d8e-b6bc-4e1c-b46f-4c33950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:14:22.000Z",
"modified": "2016-04-26T11:14:22.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '46.224.134.140']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:14:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d8e-e274-4975-8c06-4318950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:14:22.000Z",
"modified": "2016-04-26T11:14:22.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '46.224.178.79']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:14:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d8f-da68-4c39-a9fd-4900950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:14:23.000Z",
"modified": "2016-04-26T11:14:23.000Z",
"description": "spambot (originating SMTP connection)",
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '46.71.75.97']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2016-04-26T11:14:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-src\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--571f4d8f-fafc-48ac-9c3d-48cf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:23.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:23.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '49.207.186.99']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:23Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d8f-e8e0-4814-a2d8-4d3a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:23.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:23.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '5.160.240.175']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:23Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d90-8ba0-465c-94c0-489e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:24.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:24.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '5.190.115.53']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d90-7758-46c8-ab6e-4f2f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:24.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:24.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '5.223.184.171']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d90-d24c-4f3d-8777-43f8950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:24.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:24.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '5.223.250.8']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d91-c7fc-4013-8424-4e2a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:25.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:25.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '5.224.242.204']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:25Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d91-cbc0-475a-81e7-401e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:25.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:25.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '5.232.40.165']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:25Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d92-e474-4d1d-8599-4809950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:26.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:26.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '5.234.97.117']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d92-ccd0-4ee6-9f60-45f3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:26.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:26.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '5.235.233.66']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d92-206c-4fbc-a3d7-492d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:26.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:26.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '5.237.24.178']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d93-6a6c-44e7-b208-4cf3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:27.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:27.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '5.78.174.85']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d93-8fac-4ca0-b3ca-4f5d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:27.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:27.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '5.78.234.1']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d94-1408-4ac9-ac1b-48d3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:28.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:28.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '58.186.157.133']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d94-31b8-4de4-b52d-4962950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:28.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:28.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '58.186.207.41']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d94-0f90-45b0-9e9c-4061950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:28.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:28.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '59.161.91.7']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d95-e7a0-4c3a-be5d-486f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:29.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:29.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '59.93.226.65']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:29Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d95-0354-44bd-a0f8-4d4f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:29.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:29.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '59.96.81.250']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:29Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d96-6544-4f94-b1a8-444e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:30.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:30.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '59.98.114.81']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:30Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d96-3a78-4bdf-8504-45cd950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:30.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:30.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '61.91.21.67']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:30Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d96-2848-4d56-8306-446b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:30.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:30.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '62.108.13.106']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:30Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d96-c2ec-44bb-95b3-4383950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:30.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:30.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '62.156.19.209']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:30Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d97-db88-4a61-8e52-42d2950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:31.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:31.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '62.24.114.29']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d97-c92c-4d4f-acf6-4ab7950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:31.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:31.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '62.28.12.6']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d98-9188-47d6-b657-4108950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:32.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:32.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '62.38.193.70']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:32Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d98-36a8-4c35-8c05-4849950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:32.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:32.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '62.4.55.118']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:32Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d98-9534-45f0-9385-4dc1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:32.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:32.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '62.42.96.187']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:32Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d99-a150-4390-b184-4c98950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:33.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:33.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '62.84.92.134']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d99-1ffc-4b46-a492-4f79950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:33.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:33.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '75.143.155.86']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d9a-8850-4a3b-bca1-48eb950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:34.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:34.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '77.85.81.87']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:34Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d9a-1444-404d-9a7b-4c68950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:34.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:34.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '78.1.80.118']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:34Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d9a-7fd4-4a30-b5ad-4e71950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:34.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:34.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '78.155.46.233']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:34Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d9b-601c-40f6-bfad-4e97950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:35.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:35.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '78.157.18.93']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:35Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d9b-738c-45a5-8943-4006950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:35.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:35.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '78.166.52.243']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:35Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d9b-c308-4428-b8d9-40ff950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:35.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:35.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '78.39.233.143']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:35Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d9c-2920-49a9-9984-4f46950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:36.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:36.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '78.96.73.94']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:36Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d9c-a510-466d-bd58-4fa2950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:36.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:36.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '79.106.16.247']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:36Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d9d-1200-434e-b642-464e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:37.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:37.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '79.106.7.138']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:37Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d9d-2210-418f-8eea-473c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:37.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:37.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '79.134.172.173']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:37Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d9d-d6e4-48e3-aeab-476b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:37.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:37.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '79.35.175.219']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:37Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d9e-c224-4c32-a9eb-4584950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:38.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:38.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '79.61.133.142']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:38Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d9e-1158-4cd5-ac3f-46cb950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:38.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:38.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '79.62.112.169']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:38Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d9e-d7c0-41f3-be1b-4f08950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:38.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:38.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '80.14.112.237']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:38Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d9f-264c-4e3c-8d4d-42e4950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:39.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:39.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '81.136.203.54']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d9f-fe2c-4e22-9196-426f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:39.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:39.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '81.213.45.197']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4d9f-86ec-4636-ab7d-4e0b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:39.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:39.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '81.33.179.253']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4da0-a534-425c-a00e-41fa950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:40.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:40.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '82.139.152.50']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:40Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4da0-1f44-4326-8608-4a95950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:40.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:40.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '83.138.193.11']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:40Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4da1-f640-4514-8a62-487e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:41.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:41.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '83.16.166.10']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4da1-c83c-48bc-8987-4d34950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:41.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:41.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '83.16.219.170']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4da1-74c8-4041-9d07-4974950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:41.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:41.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '84.22.34.24']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4da2-ab84-40e4-b6b2-478c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:42.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:42.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '84.241.45.219']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:42Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4da2-dab0-4adc-88dc-40e3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:42.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:42.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '84.241.9.98']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:42Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4da2-dfa8-469c-8cb6-4b76950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:42.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:42.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '84.43.129.87']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:42Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4da3-4414-4b4c-aa12-4a48950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:43.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:43.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '84.47.242.3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:43Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4da3-2688-4129-80f0-4bd1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:43.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:43.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '85.101.184.107']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:43Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4da3-eb58-492f-aed3-43bd950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:43.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:43.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '85.109.139.228']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:43Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4da4-96c0-4c64-a280-4c96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:44.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:44.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '86.98.71.85']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:44Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4da4-2868-4a6c-8226-4dbd950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:44.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:44.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '88.203.204.68']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:44Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4da5-413c-4a0d-8134-4429950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:45.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:45.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '88.244.9.255']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:45Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4da5-35f0-4a06-84db-4c2c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:45.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:45.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '88.249.249.192']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:45Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4da5-f4c4-4f42-8659-463a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:45.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:45.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '88.249.45.57']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:45Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4da6-e800-4a02-86f4-457e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:46.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:46.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '88.85.247.106']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4da6-35c8-4e2c-9436-47e5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:46.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:46.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '89.215.64.38']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4da7-f858-4296-9e64-4e13950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:47.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:47.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '89.253.144.12']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:47Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4da7-c580-4f18-af54-40ad950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:47.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:47.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '89.72.211.60']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:47Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4da7-a650-4c26-b4f9-4599950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:47.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:47.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '91.106.93.114']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:47Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4da8-9a2c-420c-bbc2-4020950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:48.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:48.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '92.103.170.206']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:48Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4da8-f0a4-4ec8-8342-4770950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:48.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:48.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '92.62.76.46']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:48Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4da9-5e38-4461-bb6d-409e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:49.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:49.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '92.84.13.25']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:49Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4da9-9f6c-43b6-827f-4a52950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:49.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:49.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '93.117.23.41']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:49Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4da9-1624-4112-ac1c-4ce8950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:49.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:49.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '93.155.215.90']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:49Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4daa-3db8-477b-a48f-4828950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:50.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:50.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '93.37.39.118']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:50Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4daa-a1d4-4ee4-b5df-4272950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:50.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:50.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '93.42.42.10']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:50Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4daa-ca30-4c13-aa83-4a52950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:50.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:50.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '93.93.194.221']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:50Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4dab-5fe0-4ca2-ad5d-40cf950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:51.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:51.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '94.183.69.250']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4dab-66a8-4c46-936b-4669950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:51.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:51.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '94.62.10.103']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4dac-5118-4a37-99b9-488f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:52.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:52.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '94.98.112.66']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4dac-1324-4497-a47b-4073950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:52.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:52.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '95.13.185.14']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4dac-aff4-4829-bf0c-4f25950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:52.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:52.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '95.218.122.116']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4dad-7288-4c71-8fbd-4b4b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:53.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:53.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '95.70.208.224']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:53Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4dad-14d0-4174-8cd8-4214950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:14:53.000Z",
|
|
|
|
"modified": "2016-04-26T11:14:53.000Z",
|
|
|
|
"description": "spambot (originating SMTP connection)",
|
|
|
|
"pattern": "[network-traffic:src_ref.type = 'ipv4-addr' AND network-traffic:src_ref.value = '95.77.137.76']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:14:53Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-src\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4ee7-37d0-4182-b038-4fb1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:20:07.000Z",
|
|
|
|
"modified": "2016-04-26T11:20:07.000Z",
|
|
|
|
"description": "On port 8443",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '189.186.134.237']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:20:07Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4ee7-ed7c-487c-b13c-4b4f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:20:07.000Z",
|
|
|
|
"modified": "2016-04-26T11:20:07.000Z",
|
|
|
|
"description": "On port 8443",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '187.223.251.200']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:20:07Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4ee7-d938-4746-bbc2-4cdf950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:20:07.000Z",
|
|
|
|
"modified": "2016-04-26T11:20:07.000Z",
|
|
|
|
"description": "On port 8443",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '71.40.6.230']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:20:07Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4ee8-911c-4e35-86bc-4e59950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:20:08.000Z",
|
|
|
|
"modified": "2016-04-26T11:20:08.000Z",
|
|
|
|
"description": "On port 8443",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '64.77.250.186']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:20:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4ee8-5734-4e4e-b8c4-40b2950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:20:08.000Z",
|
|
|
|
"modified": "2016-04-26T11:20:08.000Z",
|
|
|
|
"description": "On port 8443",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '179.56.191.74']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:20:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4ee8-b304-4e3e-acb9-4397950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:20:08.000Z",
|
|
|
|
"modified": "2016-04-26T11:20:08.000Z",
|
|
|
|
"description": "On port 8443",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '73.23.97.118']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:20:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4ee9-b950-4ec9-a11a-4b6e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:20:09.000Z",
|
|
|
|
"modified": "2016-04-26T11:20:09.000Z",
|
|
|
|
"description": "On port 443",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '197.96.139.253']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:20:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4ee9-b804-46b5-a026-4e5b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:20:09.000Z",
|
|
|
|
"modified": "2016-04-26T11:20:09.000Z",
|
|
|
|
"description": "On port 8443",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '5.55.49.246']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:20:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4eea-be98-4386-97b3-4589950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:20:10.000Z",
|
|
|
|
"modified": "2016-04-26T11:20:10.000Z",
|
|
|
|
"description": "On port 443",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '222.255.121.202']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:20:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4eea-f844-428f-bffa-45ec950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:20:10.000Z",
|
|
|
|
"modified": "2016-04-26T11:20:10.000Z",
|
|
|
|
"description": "On port 8443",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '131.104.197.45']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:20:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4eeb-49f4-4e9e-82f5-4d76950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:20:11.000Z",
|
|
|
|
"modified": "2016-04-26T11:20:11.000Z",
|
|
|
|
"description": "On port 8443",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '93.174.126.37']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:20:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4eeb-3eec-49c2-b7b0-4682950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:20:11.000Z",
|
|
|
|
"modified": "2016-04-26T11:20:11.000Z",
|
|
|
|
"description": "On port 8443",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '72.27.115.9']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:20:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4eeb-d44c-4140-a9b2-4289950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:20:11.000Z",
|
|
|
|
"modified": "2016-04-26T11:20:11.000Z",
|
|
|
|
"description": "On port 8443",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.230.227.80']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:20:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4eec-ac90-4910-a89c-41ac950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:20:12.000Z",
|
|
|
|
"modified": "2016-04-26T11:20:12.000Z",
|
|
|
|
"description": "On port 8443",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '71.65.220.253']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:20:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4eec-6ff4-4d42-84ba-4bd1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:20:12.000Z",
|
|
|
|
"modified": "2016-04-26T11:20:12.000Z",
|
|
|
|
"description": "On port 8443",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '92.23.68.42']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:20:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4eed-e040-477f-bf47-43e3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:20:13.000Z",
|
|
|
|
"modified": "2016-04-26T11:20:13.000Z",
|
|
|
|
"description": "On port 8443",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '179.51.25.160']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:20:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4eed-aba4-40f5-9cf3-4927950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:20:13.000Z",
|
|
|
|
"modified": "2016-04-26T11:20:13.000Z",
|
|
|
|
"description": "On port 8443",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '90.207.206.125']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:20:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4eed-41c0-4047-abd8-4e88950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:20:13.000Z",
|
|
|
|
"modified": "2016-04-26T11:20:13.000Z",
|
|
|
|
"description": "On port 8443",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '71.9.39.36']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:20:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4eee-8060-409d-99f1-405e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:20:14.000Z",
|
|
|
|
"modified": "2016-04-26T11:20:14.000Z",
|
|
|
|
"description": "On port 8443",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '98.23.137.237']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:20:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4eee-8118-4438-a072-48a7950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:20:14.000Z",
|
|
|
|
"modified": "2016-04-26T11:20:14.000Z",
|
|
|
|
"description": "On port 8443",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.195.206.138']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:20:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4eef-09c0-4a58-9ec1-4ca3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:20:15.000Z",
|
|
|
|
"modified": "2016-04-26T11:20:15.000Z",
|
|
|
|
"description": "On port 8443",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '67.69.28.74']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:20:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4eef-ebd4-433b-a04e-4e76950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:20:15.000Z",
|
|
|
|
"modified": "2016-04-26T11:20:15.000Z",
|
|
|
|
"description": "On port 8443",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '98.173.22.9']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:20:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--571f4ef0-ff4c-4d70-809c-4d5f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:20:16.000Z",
|
|
|
|
"modified": "2016-04-26T11:20:16.000Z",
|
|
|
|
"description": "On port 8443",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '181.143.109.203']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2016-04-26T11:20:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--571f4fc5-01ec-475a-a9c9-413902de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:23:49.000Z",
|
|
|
|
"modified": "2016-04-26T11:23:49.000Z",
|
|
|
|
"first_observed": "2016-04-26T11:23:49Z",
|
|
|
|
"last_observed": "2016-04-26T11:23:49Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--571f4fc5-01ec-475a-a9c9-413902de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--571f4fc5-01ec-475a-a9c9-413902de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/0cb971685a8229b9c8a5c8302804f09b6c1a73dcde1cfa842323e5c1e5bd7183/analysis/1461669224/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--571f4fc6-e478-4cb3-87ed-448402de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:23:50.000Z",
|
|
|
|
"modified": "2016-04-26T11:23:50.000Z",
|
|
|
|
"first_observed": "2016-04-26T11:23:50Z",
|
|
|
|
"last_observed": "2016-04-26T11:23:50Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--571f4fc6-e478-4cb3-87ed-448402de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--571f4fc6-e478-4cb3-87ed-448402de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/571ec352e3ce457461abe7f50e662ba967565f053b3862a77edf2f2e5a49efb5/analysis/1461669014/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--571f4fc6-f5dc-4384-99ac-44fe02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:23:50.000Z",
|
|
|
|
"modified": "2016-04-26T11:23:50.000Z",
|
|
|
|
"first_observed": "2016-04-26T11:23:50Z",
|
|
|
|
"last_observed": "2016-04-26T11:23:50Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--571f4fc6-f5dc-4384-99ac-44fe02de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--571f4fc6-f5dc-4384-99ac-44fe02de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/0a22988c2ddfd6e79c2f7ec3f41664b177058c9559de0a7cf5f36541b4a4934b/analysis/1461669248/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--571f4fc7-00fc-4fd7-8818-451902de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2016-04-26T11:23:51.000Z",
|
|
|
|
"modified": "2016-04-26T11:23:51.000Z",
|
|
|
|
"first_observed": "2016-04-26T11:23:51Z",
|
|
|
|
"last_observed": "2016-04-26T11:23:51Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--571f4fc7-00fc-4fd7-8818-451902de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--571f4fc7-00fc-4fd7-8818-451902de0b81",
"value": "https://www.virustotal.com/file/199f1721347c5f68afe67382a35597a4b0232e62696a15d56a68da834749174e/analysis/1461668811/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--571f4fc7-b3ac-44a7-9f17-451d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:23:51.000Z",
"modified": "2016-04-26T11:23:51.000Z",
"first_observed": "2016-04-26T11:23:51Z",
"last_observed": "2016-04-26T11:23:51Z",
"number_observed": 1,
"object_refs": [
"url--571f4fc7-b3ac-44a7-9f17-451d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--571f4fc7-b3ac-44a7-9f17-451d02de0b81",
"value": "https://www.virustotal.com/file/6ae3b4c428b4aeffa71b2bcfe6a97f636fe1dc8c22a5eb5b0581854e40c7235e/analysis/1461667019/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--571f4fc7-b2b4-41fa-8042-484502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:23:51.000Z",
"modified": "2016-04-26T11:23:51.000Z",
"first_observed": "2016-04-26T11:23:51Z",
"last_observed": "2016-04-26T11:23:51Z",
"number_observed": 1,
"object_refs": [
"url--571f4fc7-b2b4-41fa-8042-484502de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--571f4fc7-b2b4-41fa-8042-484502de0b81",
"value": "https://www.virustotal.com/file/80f1e56014e6a011bdd046311aa963e38bbbab83b8e8d6e4eae35053c58f3f88/analysis/1461668461/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--571f4fc8-8c34-4c60-bcc1-464302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:23:52.000Z",
"modified": "2016-04-26T11:23:52.000Z",
"first_observed": "2016-04-26T11:23:52Z",
"last_observed": "2016-04-26T11:23:52Z",
"number_observed": 1,
"object_refs": [
"url--571f4fc8-8c34-4c60-bcc1-464302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--571f4fc8-8c34-4c60-bcc1-464302de0b81",
"value": "https://www.virustotal.com/file/0d9fa3864fbf8a225b33f249dd4795d75cce2532f0b03ff5faf59d9ebc0cee79/analysis/1461666662/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--571f4fc8-91b4-4e9e-91d5-4b4002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:23:52.000Z",
"modified": "2016-04-26T11:23:52.000Z",
"first_observed": "2016-04-26T11:23:52Z",
"last_observed": "2016-04-26T11:23:52Z",
"number_observed": 1,
"object_refs": [
"url--571f4fc8-91b4-4e9e-91d5-4b4002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--571f4fc8-91b4-4e9e-91d5-4b4002de0b81",
"value": "https://www.virustotal.com/file/e89b229de6f4ac9891b2f507c7cfc57e48ae46a431ce02162dcd0e6b4d748e5b/analysis/1461668768/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--571f4fc9-7ea8-46bf-8da6-46eb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2016-04-26T11:23:53.000Z",
"modified": "2016-04-26T11:23:53.000Z",
"first_observed": "2016-04-26T11:23:53Z",
"last_observed": "2016-04-26T11:23:53Z",
"number_observed": 1,
"object_refs": [
"url--571f4fc9-7ea8-46bf-8da6-46eb02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--571f4fc9-7ea8-46bf-8da6-46eb02de0b81",
"value": "https://www.virustotal.com/file/d9ca8639623a362440381b728db0362e1db5a63aed0aa23a3251923f81d42ef8/analysis/1461667292/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}