2023-04-21 13:25:09 +00:00
|
|
|
{
|
2023-06-14 17:31:25 +00:00
|
|
|
"type": "bundle",
|
|
|
|
"id": "bundle--591bfe00-bb40-4958-9c33-4b87950d210f",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"name": "CIRCL",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--591bfe00-bb40-4958-9c33-4b87950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"name": "2017-05-16 Malspam Emailing:#####.pdf.pdf",
|
|
|
|
"published": "2017-05-17T09:54:20Z",
|
|
|
|
"object_refs": [
|
|
|
|
"indicator--591bfe02-54c8-4081-9eb6-46b6950d210f",
|
|
|
|
"indicator--591bfe03-adc4-4ce5-bb86-43a5950d210f",
|
|
|
|
"indicator--591bfe05-ff30-4a45-876a-4830950d210f",
|
|
|
|
"indicator--591bfe0c-d460-470e-bd52-4467950d210f",
|
|
|
|
"indicator--591bfe11-d14c-4887-9658-4070950d210f",
|
|
|
|
"indicator--591bfe13-72f4-4499-a85a-416a950d210f",
|
|
|
|
"indicator--591bfe16-18a4-4ede-903f-4133950d210f",
|
|
|
|
"indicator--591bfe17-9bd4-4ff2-b1c1-4ea9950d210f",
|
|
|
|
"indicator--591bfe19-e020-4db4-9cad-4ae8950d210f",
|
|
|
|
"indicator--591bfe1a-2d6c-44e7-92d3-4bdd950d210f",
|
|
|
|
"indicator--591bfe1b-cd28-404a-9e7d-4a64950d210f",
|
|
|
|
"indicator--591bfe1d-bc68-4561-a5ba-4487950d210f",
|
|
|
|
"indicator--591bfe1e-8db0-4828-8108-4ad8950d210f",
|
|
|
|
"indicator--591bfe20-3ae8-4ae8-89a1-4ddf950d210f",
|
|
|
|
"indicator--591bfe22-4654-4e5c-8191-47a7950d210f",
|
|
|
|
"indicator--591bfe24-ea94-4f94-8426-4ea9950d210f",
|
|
|
|
"indicator--591bfe25-2cf0-4275-8049-4805950d210f",
|
|
|
|
"indicator--591bfe28-f2ac-4224-9bf8-4fed950d210f",
|
|
|
|
"indicator--591bfe29-8038-4e47-9d72-42e0950d210f",
|
|
|
|
"indicator--591bfe2b-4f14-4986-8483-4c72950d210f",
|
|
|
|
"indicator--591bfe2d-7b30-4b2a-80a8-44f2950d210f",
|
|
|
|
"indicator--591bfe30-f1e8-488a-8bc3-41d7950d210f",
|
|
|
|
"indicator--591bfe31-2330-40c6-9193-424b950d210f",
|
|
|
|
"indicator--591bfe33-6f0c-42b5-946a-498e950d210f",
|
|
|
|
"indicator--591bfe35-6e14-47aa-8a73-4f15950d210f",
|
|
|
|
"indicator--591bfe37-6564-409d-8be2-4171950d210f",
|
|
|
|
"indicator--591bfe39-400c-4697-8abd-419c950d210f",
|
|
|
|
"indicator--591bfe3b-ae80-4bb7-9773-4695950d210f",
|
|
|
|
"indicator--591bfe3d-0ba0-411c-a1a0-42bb950d210f",
|
|
|
|
"indicator--591bfe3e-21c4-4931-ad61-4b5f950d210f",
|
|
|
|
"indicator--591bfe40-91a0-4f35-bc04-4039950d210f",
|
|
|
|
"indicator--591bfe42-a858-49f7-919f-4652950d210f",
|
|
|
|
"indicator--591bfe44-4ed8-408f-9acc-44f3950d210f",
|
|
|
|
"indicator--591bfe46-2450-420e-9128-4b75950d210f",
|
|
|
|
"indicator--591bfe47-40e4-44df-b808-46e5950d210f",
|
|
|
|
"indicator--591bfe49-55e8-46a4-9c75-41d3950d210f",
|
|
|
|
"indicator--591bfe4c-66a0-4ce0-9a72-41e7950d210f",
|
|
|
|
"indicator--591bfe52-4af8-4d57-9eae-465e950d210f",
|
|
|
|
"indicator--591bfe5d-0d88-4ea4-a4ed-4947950d210f",
|
|
|
|
"indicator--591bfe63-cb20-47ce-a80b-43fe950d210f",
|
|
|
|
"indicator--591bfe65-d580-437c-9d4c-47a4950d210f",
|
|
|
|
"indicator--591bfe68-ec58-4339-9497-4ded950d210f",
|
|
|
|
"indicator--591bfe6a-8a28-43b1-b614-425b950d210f",
|
|
|
|
"indicator--591bfe6c-9ce8-460b-8447-49ab950d210f",
|
|
|
|
"indicator--591bfe6f-6638-49ac-a119-42b5950d210f",
|
|
|
|
"indicator--591bfe71-0a2c-4d44-ad85-4895950d210f",
|
|
|
|
"indicator--591bfe74-6118-44fd-bfcd-4692950d210f",
|
|
|
|
"indicator--591bfe77-d260-4560-9695-4dad950d210f",
|
|
|
|
"indicator--591bfe7a-3c94-4c5f-9130-496b950d210f",
|
|
|
|
"indicator--591bfe7d-2e14-42cc-8b93-4a02950d210f",
|
|
|
|
"indicator--591bfe80-f860-4ef4-a5ca-459a950d210f",
|
|
|
|
"indicator--591bfe83-5834-43b1-81c3-4648950d210f",
|
|
|
|
"indicator--591bfe85-e9d0-428b-94bd-4c24950d210f",
|
|
|
|
"indicator--591bfe88-b8d0-485c-934e-46bc950d210f",
|
|
|
|
"indicator--591bfe8c-45bc-4b73-a6e6-418b950d210f",
|
|
|
|
"indicator--591bfe8f-96fc-4398-bb01-4758950d210f",
|
|
|
|
"indicator--591bfe92-a0b8-4ecd-97ad-4b01950d210f",
|
|
|
|
"indicator--591bfe96-ba3c-4e2e-9f26-4770950d210f",
|
|
|
|
"indicator--591bfe99-218c-4d6d-959d-40fa950d210f",
|
|
|
|
"indicator--591bfe9c-fcf0-4b94-bbdf-4b29950d210f",
|
|
|
|
"indicator--591bfe9f-49b8-4d0b-8b17-4e23950d210f",
|
|
|
|
"indicator--591bfea1-3334-4391-9635-4216950d210f",
|
|
|
|
"indicator--591bfea4-60ec-47fa-8af9-4d73950d210f",
|
|
|
|
"indicator--591bfea7-087c-46b3-ac68-4d05950d210f",
|
|
|
|
"indicator--591bfeaa-1f28-4a27-8364-4064950d210f",
|
|
|
|
"indicator--591bfead-fe88-4a9b-84e2-49ed950d210f",
|
|
|
|
"indicator--591bfeb0-58fc-4fb1-a718-49e3950d210f",
|
|
|
|
"indicator--591bfeb3-14e0-44f9-89f0-4859950d210f",
|
|
|
|
"indicator--591bfeb7-29f4-48cb-9478-47f4950d210f",
|
|
|
|
"indicator--591bfeba-b580-43b7-a60a-4006950d210f",
|
|
|
|
"indicator--591bfebe-9588-4633-945f-498c950d210f",
|
|
|
|
"indicator--591bfec0-ce18-489d-8b6c-4c34950d210f",
|
|
|
|
"indicator--591bfec5-3a64-41e4-9fb9-4c77950d210f",
|
|
|
|
"indicator--591bfec9-4e34-48d8-93de-453e950d210f",
|
|
|
|
"indicator--591bfecc-74e8-41dc-9833-4bc7950d210f",
|
|
|
|
"indicator--591bfecf-41d8-4b0d-b828-431f950d210f",
|
|
|
|
"indicator--591bfed2-1fb4-4737-b18b-4acc950d210f",
|
|
|
|
"indicator--591bfed5-5350-43b9-98df-41dc950d210f",
|
|
|
|
"indicator--591bfed9-e324-4b84-828f-4144950d210f",
|
|
|
|
"indicator--591bfedc-6628-4d71-a9b8-4d98950d210f",
|
|
|
|
"indicator--591bfedf-ac4c-4768-8cf4-4199950d210f",
|
|
|
|
"indicator--591bfee3-f80c-4c95-bbf7-4f26950d210f",
|
|
|
|
"observed-data--591bfee6-1c58-4e3f-bbec-4447950d210f",
|
|
|
|
"url--591bfee6-1c58-4e3f-bbec-4447950d210f",
|
|
|
|
"observed-data--591bfeea-a974-4973-bd3c-42d1950d210f",
|
|
|
|
"url--591bfeea-a974-4973-bd3c-42d1950d210f",
|
|
|
|
"observed-data--591bfeed-33e8-4d35-a78c-4b21950d210f",
|
|
|
|
"url--591bfeed-33e8-4d35-a78c-4b21950d210f",
|
|
|
|
"indicator--591bfef1-2754-4821-8c2c-4ca7950d210f",
|
|
|
|
"indicator--591bfefc-8c10-4cf4-8c48-4506950d210f",
|
|
|
|
"indicator--591c0d3c-b1f8-4e53-8f19-44f302de0b81",
|
|
|
|
"observed-data--591c0d3d-9c40-4330-bcef-4c3302de0b81",
|
|
|
|
"url--591c0d3d-9c40-4330-bcef-4c3302de0b81",
|
|
|
|
"indicator--591c0d3d-2f64-49f3-ab52-410002de0b81",
|
|
|
|
"indicator--591c0d3d-4bcc-44ca-b954-4a1b02de0b81",
|
|
|
|
"observed-data--591c0d3e-64c4-42e1-ad8e-4fc102de0b81",
|
|
|
|
"url--591c0d3e-64c4-42e1-ad8e-4fc102de0b81",
|
|
|
|
"indicator--591c0d3e-f17c-474f-9197-435f02de0b81",
|
|
|
|
"indicator--591c0d3f-e758-4e93-aa48-49da02de0b81",
|
|
|
|
"observed-data--591c0d3f-c890-4251-a766-4e4202de0b81",
|
|
|
|
"url--591c0d3f-c890-4251-a766-4e4202de0b81",
|
|
|
|
"indicator--591c0d3f-be88-43f8-b93e-497202de0b81",
|
|
|
|
"indicator--591c0d40-4c50-4293-b2d0-4a2602de0b81",
|
|
|
|
"observed-data--591c0d40-301c-4005-ac84-477b02de0b81",
|
|
|
|
"url--591c0d40-301c-4005-ac84-477b02de0b81",
|
|
|
|
"indicator--591c0d41-f978-4e20-87a9-43eb02de0b81",
|
|
|
|
"indicator--591c0d41-b4c8-4288-9d02-4cdb02de0b81",
|
|
|
|
"observed-data--591c0d41-3bfc-4e79-b524-418b02de0b81",
|
|
|
|
"url--591c0d41-3bfc-4e79-b524-418b02de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"misp-galaxy:ransomware=\"Jaff\""
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe02-54c8-4081-9eb6-46b6950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'ed8ed2f15cc120d56101f9278d2b7a90']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe03-adc4-4ce5-bb86-43a5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '3564428de04f35a9a9c7b1828d60edce']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe05-ff30-4a45-876a-4830950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'e79e31c6caee2d64b25588337e979eab']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe0c-d460-470e-bd52-4467950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'c2a760c6461449ac1d5a5538242bed11']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe11-d14c-4887-9658-4070950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '2b2c0737949a56528b0834f642ff2635']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe13-72f4-4499-a85a-416a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'fabc5b9309a1ffcbf9028cd01cf440edbd654c2faaacf7e64e5a39d63775a33e']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe16-18a4-4ede-903f-4133950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[url:value = 'http://beautyandearth.com/Nbiyure3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe17-9bd4-4ff2-b1c1-4ea9950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'beautyandearth.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe19-e020-4db4-9cad-4ae8950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"description": "beautyandearth.com",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '108.167.156.28']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe1a-2d6c-44e7-92d3-4bdd950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[url:value = 'http://biarritzru.com/Nbiyure3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe1b-cd28-404a-9e7d-4a64950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'biarritzru.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe1d-bc68-4561-a5ba-4487950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"description": "biarritzru.com",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.177.141.58']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe1e-8db0-4828-8108-4ad8950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[url:value = 'http://bioferme.biz/Nbiyure3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe20-3ae8-4ae8-89a1-4ddf950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'bioferme.biz']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe22-4654-4e5c-8191-47a7950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"description": "bioferme.biz",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '219.118.71.133']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe24-ea94-4f94-8426-4ea9950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[url:value = 'http://daweizhi.com/Nbiyure3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe25-2cf0-4275-8049-4805950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'daweizhi.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe28-f2ac-4224-9bf8-4fed950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"description": "daweizhi.com",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '115.29.111.183']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe29-8038-4e47-9d72-42e0950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[url:value = 'http://dodawanie.com/Nbiyure3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe2b-4f14-4986-8483-4c72950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'dodawanie.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe2d-7b30-4b2a-80a8-44f2950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"description": "dodawanie.com",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.23.21.13']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe30-f1e8-488a-8bc3-41d7950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"description": "dodawanie.com",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.23.21.123']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe31-2330-40c6-9193-424b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[url:value = 'http://herrossoidffr6644qa.top/af/Nbiyure3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe33-6f0c-42b5-946a-498e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'herrossoidffr6644qa.top']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe35-6e14-47aa-8a73-4f15950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"description": "herrossoidffr6644qa.top",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '34.209.214.237']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe37-6564-409d-8be2-4171950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[url:value = 'http://jomoba35.com/Nbiyure3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe39-400c-4697-8abd-419c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'jomoba35.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe3b-ae80-4bb7-9773-4695950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"description": "jomoba35.com",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '143.95.239.78']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe3d-0ba0-411c-a1a0-42bb950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[url:value = 'http://joshcomeauxhair.com/Nbiyure3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe3e-21c4-4931-ad61-4b5f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'joshcomeauxhair.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe40-91a0-4f35-bc04-4039950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"description": "joshcomeauxhair.com",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.180.13.247']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe42-a858-49f7-919f-4652950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[url:value = 'http://jsplast.ru/Nbiyure3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe44-4ed8-408f-9acc-44f3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'jsplast.ru']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe46-2450-420e-9128-4b75950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"description": "jsplast.ru",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '194.58.119.16']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe47-40e4-44df-b808-46e5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[url:value = 'http://juvadent.de/Nbiyure3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe49-55e8-46a4-9c75-41d3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'juvadent.de']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe4c-66a0-4ce0-9a72-41e7950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"description": "juvadent.de",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '80.150.6.143']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe52-4af8-4d57-9eae-465e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[url:value = 'http://opearl.net/Nbiyure3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe5d-0d88-4ea4-a4ed-4947950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'opearl.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe63-cb20-47ce-a80b-43fe950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"description": "opearl.net",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '120.76.230.45']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe65-d580-437c-9d4c-47a4950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[url:value = 'http://outdoor-sauerland.de/Nbiyure3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe68-ec58-4339-9497-4ded950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'outdoor-sauerland.de']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe6a-8a28-43b1-b614-425b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"description": "outdoor-sauerland.de",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.169.145.172']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe6c-9ce8-460b-8447-49ab950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[url:value = 'http://personalizar.net/Nbiyure3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe6f-6638-49ac-a119-42b5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'personalizar.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe71-0a2c-4d44-ad85-4895950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"description": "personalizar.net",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '81.88.57.70']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe74-6118-44fd-bfcd-4692950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[url:value = 'http://playmindltd.com/Nbiyure3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe77-d260-4560-9695-4dad950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'playmindltd.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe7a-3c94-4c5f-9130-496b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"description": "playmindltd.com",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.63.135.197']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe7d-2e14-42cc-8b93-4a02950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[url:value = 'http://reefclub.ru/Nbiyure3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe80-f860-4ef4-a5ca-459a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'reefclub.ru']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe83-5834-43b1-81c3-4648950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"description": "reefclub.ru",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '79.137.163.53']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe85-e9d0-428b-94bd-4c24950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[url:value = 'http://ripasso.nl/Nbiyure3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe88-b8d0-485c-934e-46bc950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'ripasso.nl']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe8c-45bc-4b73-a6e6-418b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"description": "ripasso.nl",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.70.4.32']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe8f-96fc-4398-bb01-4758950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[url:value = 'http://sjffonrvcik45bd.info/af/Nbiyure3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe92-a0b8-4ecd-97ad-4b01950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'sjffonrvcik45bd.info']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe96-ba3c-4e2e-9f26-4770950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[url:value = 'http://tidytrend.com/Nbiyure3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe99-218c-4d6d-959d-40fa950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'tidytrend.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe9c-fcf0-4b94-bbdf-4b29950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"description": "tidytrend.com",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.180.26.179']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfe9f-49b8-4d0b-8b17-4e23950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[url:value = 'http://titanmachinery.com.au/Nbiyure3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfea1-3334-4391-9635-4216950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'titanmachinery.com.au']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfea4-60ec-47fa-8af9-4d73950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"description": "titanmachinery.com.au",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '101.0.99.38']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfea7-087c-46b3-ac68-4d05950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[url:value = 'http://tomcarservice.it/Nbiyure3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfeaa-1f28-4a27-8364-4064950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'tomcarservice.it']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfead-fe88-4a9b-84e2-49ed950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"description": "tomcarservice.it",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '92.245.188.95']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfeb0-58fc-4fb1-a718-49e3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[url:value = 'http://valpit.ru/Nbiyure3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfeb3-14e0-44f9-89f0-4859950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'valpit.ru']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfeb7-29f4-48cb-9478-47f4950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"description": "valpit.ru",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.70.26.37']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfeba-b580-43b7-a60a-4006950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"description": "valpit.ru",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '194.85.61.76']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfebe-9588-4633-945f-498c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[url:value = 'http://ventrust.ro/Nbiyure3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfec0-ce18-489d-8b6c-4c34950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'ventrust.ro']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfec5-3a64-41e4-9fb9-4c77950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"description": "ventrust.ro",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.223.209.5']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfec9-4e34-48d8-93de-453e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[url:value = 'http://vipan-photography.com/Nbiyure3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfecc-74e8-41dc-9833-4bc7950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'vipan-photography.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfecf-41d8-4b0d-b828-431f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"description": "vipan-photography.com",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.65.115.35']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfed2-1fb4-4737-b18b-4acc950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[url:value = 'http://wizbam.com/Nbiyure3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfed5-5350-43b9-98df-41dc950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'wizbam.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfed9-e324-4b84-828f-4144950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"description": "wizbam.com",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '107.180.48.250']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfedc-6628-4d71-a9b8-4d98950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[url:value = 'http://eesiiuroffde445.com/a5/']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfedf-ac4c-4768-8cf4-4199950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'eesiiuroffde445.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfee3-f80c-4c95-bbf7-4f26950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"description": "eesiiuroffde445.com",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '47.91.107.213']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--591bfee6-1c58-4e3f-bbec-4447950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"first_observed": "2017-05-17T08:42:59Z",
|
|
|
|
"last_observed": "2017-05-17T08:42:59Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--591bfee6-1c58-4e3f-bbec-4447950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--591bfee6-1c58-4e3f-bbec-4447950d210f",
|
|
|
|
"value": "https://www.virustotal.com/en/file/fabc5b9309a1ffcbf9028cd01cf440edbd654c2faaacf7e64e5a39d63775a33e/analysis/1494930087/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--591bfeea-a974-4973-bd3c-42d1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"first_observed": "2017-05-17T08:42:59Z",
|
|
|
|
"last_observed": "2017-05-17T08:42:59Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--591bfeea-a974-4973-bd3c-42d1950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--591bfeea-a974-4973-bd3c-42d1950d210f",
|
|
|
|
"value": "https://malwr.com/submission/status/MmY0ZTQ2ODQzZjNhNDlkNzkyZjJiNDUwZmUzMmRjMGY/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--591bfeed-33e8-4d35-a78c-4b21950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"first_observed": "2017-05-17T08:42:59Z",
|
|
|
|
"last_observed": "2017-05-17T08:42:59Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--591bfeed-33e8-4d35-a78c-4b21950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--591bfeed-33e8-4d35-a78c-4b21950d210f",
|
|
|
|
"value": "https://www.hybrid-analysis.com/sample/fabc5b9309a1ffcbf9028cd01cf440edbd654c2faaacf7e64e5a39d63775a33e?environmentId=100"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfef1-2754-4821-8c2c-4ca7950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[url:value = 'wizbam.com/Nbiyure3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591bfefc-8c10-4cf4-8c48-4506950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:42:59.000Z",
|
|
|
|
"modified": "2017-05-17T08:42:59.000Z",
|
|
|
|
"pattern": "[url:value = 'eesiiuroffde445.com/a5/']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:42:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591c0d3c-b1f8-4e53-8f19-44f302de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:43:40.000Z",
|
|
|
|
"modified": "2017-05-17T08:43:40.000Z",
|
|
|
|
"description": "- Xchecked via VT: fabc5b9309a1ffcbf9028cd01cf440edbd654c2faaacf7e64e5a39d63775a33e",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '2c8ea5c1957ab9ccf4afd255aeea47f13e278814']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:43:40Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--591c0d3d-9c40-4330-bcef-4c3302de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:43:41.000Z",
|
|
|
|
"modified": "2017-05-17T08:43:41.000Z",
|
|
|
|
"first_observed": "2017-05-17T08:43:41Z",
|
|
|
|
"last_observed": "2017-05-17T08:43:41Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--591c0d3d-9c40-4330-bcef-4c3302de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--591c0d3d-9c40-4330-bcef-4c3302de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/fabc5b9309a1ffcbf9028cd01cf440edbd654c2faaacf7e64e5a39d63775a33e/analysis/1494948925/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591c0d3d-2f64-49f3-ab52-410002de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:43:41.000Z",
|
|
|
|
"modified": "2017-05-17T08:43:41.000Z",
|
|
|
|
"description": "- Xchecked via VT: c2a760c6461449ac1d5a5538242bed11",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '387812ee2820cbf49812b1b229b7d8721ee37296f7b6018332a56e30a99e1092']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:43:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591c0d3d-4bcc-44ca-b954-4a1b02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:43:41.000Z",
|
|
|
|
"modified": "2017-05-17T08:43:41.000Z",
|
|
|
|
"description": "- Xchecked via VT: c2a760c6461449ac1d5a5538242bed11",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '59684c6261afc698c0f6a46658986f0268f4c5a0']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:43:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--591c0d3e-64c4-42e1-ad8e-4fc102de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:43:42.000Z",
|
|
|
|
"modified": "2017-05-17T08:43:42.000Z",
|
|
|
|
"first_observed": "2017-05-17T08:43:42Z",
|
|
|
|
"last_observed": "2017-05-17T08:43:42Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--591c0d3e-64c4-42e1-ad8e-4fc102de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--591c0d3e-64c4-42e1-ad8e-4fc102de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/387812ee2820cbf49812b1b229b7d8721ee37296f7b6018332a56e30a99e1092/analysis/1495000686/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591c0d3e-f17c-474f-9197-435f02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:43:42.000Z",
|
|
|
|
"modified": "2017-05-17T08:43:42.000Z",
|
|
|
|
"description": "- Xchecked via VT: e79e31c6caee2d64b25588337e979eab",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'aca726cb504599206e66823ff2863eb80c6a5f16ff71ca9fcdd907ad39b2d852']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:43:42Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591c0d3f-e758-4e93-aa48-49da02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:43:43.000Z",
|
|
|
|
"modified": "2017-05-17T08:43:43.000Z",
|
|
|
|
"description": "- Xchecked via VT: e79e31c6caee2d64b25588337e979eab",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'f0105d132d880d602b37912d93abb712b2b281d8']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:43:43Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--591c0d3f-c890-4251-a766-4e4202de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:43:43.000Z",
|
|
|
|
"modified": "2017-05-17T08:43:43.000Z",
|
|
|
|
"first_observed": "2017-05-17T08:43:43Z",
|
|
|
|
"last_observed": "2017-05-17T08:43:43Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--591c0d3f-c890-4251-a766-4e4202de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--591c0d3f-c890-4251-a766-4e4202de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/aca726cb504599206e66823ff2863eb80c6a5f16ff71ca9fcdd907ad39b2d852/analysis/1494969979/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591c0d3f-be88-43f8-b93e-497202de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:43:43.000Z",
|
|
|
|
"modified": "2017-05-17T08:43:43.000Z",
|
|
|
|
"description": "- Xchecked via VT: 3564428de04f35a9a9c7b1828d60edce",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'ae7f1496e098b24ed52f3796b2751e31300c1f414cdb9852ccb42dfdc261c98d']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:43:43Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591c0d40-4c50-4293-b2d0-4a2602de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:43:44.000Z",
|
|
|
|
"modified": "2017-05-17T08:43:44.000Z",
|
|
|
|
"description": "- Xchecked via VT: 3564428de04f35a9a9c7b1828d60edce",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'a081c02d29b46053c1db0d7ec09012e438e091dc']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:43:44Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--591c0d40-301c-4005-ac84-477b02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:43:44.000Z",
|
|
|
|
"modified": "2017-05-17T08:43:44.000Z",
|
|
|
|
"first_observed": "2017-05-17T08:43:44Z",
|
|
|
|
"last_observed": "2017-05-17T08:43:44Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--591c0d40-301c-4005-ac84-477b02de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--591c0d40-301c-4005-ac84-477b02de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/ae7f1496e098b24ed52f3796b2751e31300c1f414cdb9852ccb42dfdc261c98d/analysis/1495008698/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591c0d41-f978-4e20-87a9-43eb02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:43:45.000Z",
|
|
|
|
"modified": "2017-05-17T08:43:45.000Z",
|
|
|
|
"description": "- Xchecked via VT: ed8ed2f15cc120d56101f9278d2b7a90",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '04cdba9177bcb633604469e09c5d9348719706ea86f3cdd0aaaf5cb4c6b0dece']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:43:45Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--591c0d41-b4c8-4288-9d02-4cdb02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:43:45.000Z",
|
|
|
|
"modified": "2017-05-17T08:43:45.000Z",
|
|
|
|
"description": "- Xchecked via VT: ed8ed2f15cc120d56101f9278d2b7a90",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'c6bce7cb230669ce15ec0513e4769bf82f94f1f2']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-17T08:43:45Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--591c0d41-3bfc-4e79-b524-418b02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-17T08:43:45.000Z",
|
|
|
|
"modified": "2017-05-17T08:43:45.000Z",
|
|
|
|
"first_observed": "2017-05-17T08:43:45Z",
|
|
|
|
"last_observed": "2017-05-17T08:43:45Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--591c0d41-3bfc-4e79-b524-418b02de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--591c0d41-3bfc-4e79-b524-418b02de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/04cdba9177bcb633604469e09c5d9348719706ea86f3cdd0aaaf5cb4c6b0dece/analysis/1494994547/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "marking-definition",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
|
|
"definition_type": "tlp",
|
|
|
|
"name": "TLP:WHITE",
|
|
|
|
"definition": {
|
|
|
|
"tlp": "white"
|
|
|
|
}
|
|
|
|
}
|
2023-04-21 13:25:09 +00:00
|
|
|
]
|
|
|
|
}
|