{
"type": "bundle",
|
|
|
|
"id": "bundle--59318aac-4e04-4616-9682-43ff950d210f",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-02T15:58:31.000Z",
|
|
|
|
"modified": "2017-06-02T15:58:31.000Z",
|
|
|
|
"name": "CIRCL",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--59318aac-4e04-4616-9682-43ff950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-02T15:58:31.000Z",
|
|
|
|
"modified": "2017-06-02T15:58:31.000Z",
|
|
|
|
"name": "M2M - Jaff 2017-06-02 : \"Invoice INV-1234\" - \"Invoice INV-1234.pdf\"",
|
|
|
|
"published": "2017-06-02T15:58:47Z",
|
|
|
|
"object_refs": [
|
|
|
|
"indicator--59318aad-9c84-42d9-b8e2-ba67950d210f",
|
|
|
|
"indicator--59318aad-2dbc-4185-8a26-42ec950d210f",
|
|
|
|
"indicator--59318aae-f558-4a98-85c5-bae1950d210f",
|
|
|
|
"indicator--59318aaf-26cc-4c74-bfe7-bb84950d210f",
|
|
|
|
"observed-data--59318aaf-71bc-4df0-b19c-4676950d210f",
|
|
|
|
"network-traffic--59318aaf-71bc-4df0-b19c-4676950d210f",
|
|
|
|
"ipv4-addr--59318aaf-71bc-4df0-b19c-4676950d210f",
|
|
|
|
"indicator--59318ab0-67b4-4200-988a-4b12950d210f",
|
|
|
|
"indicator--59318ab1-0da4-441c-b0e0-43bd950d210f",
|
|
|
|
"observed-data--59318ab2-03c8-4097-af86-415e950d210f",
|
|
|
|
"network-traffic--59318ab2-03c8-4097-af86-415e950d210f",
|
|
|
|
"ipv4-addr--59318ab2-03c8-4097-af86-415e950d210f",
|
|
|
|
"indicator--59318ab4-e24c-465a-af2e-bb1d950d210f",
|
|
|
|
"indicator--59318ab5-c09c-4b4f-bd1b-40da950d210f",
|
|
|
|
"observed-data--59318ab7-52d0-4ba6-8bf7-4616950d210f",
|
|
|
|
"network-traffic--59318ab7-52d0-4ba6-8bf7-4616950d210f",
|
|
|
|
"ipv4-addr--59318ab7-52d0-4ba6-8bf7-4616950d210f",
|
|
|
|
"indicator--59318ab8-4cf8-4748-b7c9-4a0d950d210f",
|
|
|
|
"indicator--59318ab9-2a0c-4603-95e3-ba67950d210f",
|
|
|
|
"observed-data--59318aba-877c-45f4-92c3-4074950d210f",
|
|
|
|
"network-traffic--59318aba-877c-45f4-92c3-4074950d210f",
|
|
|
|
"ipv4-addr--59318aba-877c-45f4-92c3-4074950d210f",
|
|
|
|
"indicator--59318abc-0368-4fb0-8101-49ed950d210f",
|
|
|
|
"indicator--59318abc-73ec-4a13-b070-bae1950d210f",
|
|
|
|
"observed-data--59318abd-3424-4567-bb19-bb84950d210f",
|
|
|
|
"network-traffic--59318abd-3424-4567-bb19-bb84950d210f",
|
|
|
|
"ipv4-addr--59318abd-3424-4567-bb19-bb84950d210f",
|
|
|
|
"indicator--59318abe-fff4-4ccc-9101-4ec8950d210f",
|
|
|
|
"indicator--59318abe-438c-471b-a62e-443d950d210f",
|
|
|
|
"observed-data--59318abf-4e34-4b4b-8083-44e3950d210f",
|
|
|
|
"network-traffic--59318abf-4e34-4b4b-8083-44e3950d210f",
|
|
|
|
"ipv4-addr--59318abf-4e34-4b4b-8083-44e3950d210f",
|
|
|
|
"indicator--59318ac0-5194-44d8-9b78-4e37950d210f",
|
|
|
|
"indicator--59318ac0-e094-4c70-9738-4ef2950d210f",
|
|
|
|
"observed-data--59318ac1-6260-4873-9be7-456d950d210f",
|
|
|
|
"network-traffic--59318ac1-6260-4873-9be7-456d950d210f",
|
|
|
|
"ipv4-addr--59318ac1-6260-4873-9be7-456d950d210f",
|
|
|
|
"indicator--59318ac2-6814-407a-9008-bb1d950d210f",
|
|
|
|
"indicator--59318ac2-7074-4b26-881c-1b5b950d210f",
|
|
|
|
"observed-data--59318ac3-4374-4076-b502-42dd950d210f",
|
|
|
|
"network-traffic--59318ac3-4374-4076-b502-42dd950d210f",
|
|
|
|
"ipv4-addr--59318ac3-4374-4076-b502-42dd950d210f",
|
|
|
|
"indicator--59318ac3-a618-4d43-a0ba-1b03950d210f",
|
|
|
|
"indicator--59318ac4-148c-4ae5-9369-49da950d210f",
|
|
|
|
"observed-data--59318ac7-f610-48ff-9c91-ba67950d210f",
|
|
|
|
"network-traffic--59318ac7-f610-48ff-9c91-ba67950d210f",
|
|
|
|
"ipv4-addr--59318ac7-f610-48ff-9c91-ba67950d210f",
|
|
|
|
"indicator--59318ac8-2d04-419c-b163-46fe950d210f",
|
|
|
|
"indicator--59318ac8-f2f4-48e2-ad99-6559950d210f",
|
|
|
|
"observed-data--59318ac9-6e6c-4355-b30f-4228950d210f",
|
|
|
|
"network-traffic--59318ac9-6e6c-4355-b30f-4228950d210f",
|
|
|
|
"ipv4-addr--59318ac9-6e6c-4355-b30f-4228950d210f",
|
|
|
|
"indicator--59318ac9-82a0-45b8-856b-bae1950d210f",
|
|
|
|
"indicator--59318aca-2b78-4a03-bb75-bb84950d210f",
|
|
|
|
"indicator--59318acc-bb4c-41fc-9e55-475c950d210f",
|
|
|
|
"indicator--59318acc-dbe0-48e3-9d15-435b950d210f",
|
|
|
|
"observed-data--59318acd-5a20-4344-a4da-499f950d210f",
|
|
|
|
"network-traffic--59318acd-5a20-4344-a4da-499f950d210f",
|
|
|
|
"ipv4-addr--59318acd-5a20-4344-a4da-499f950d210f",
|
|
|
|
"indicator--59318ace-f694-4699-a4b6-4fd8950d210f",
|
|
|
|
"indicator--59318ace-2648-4358-b884-bb1d950d210f",
|
|
|
|
"observed-data--59318acf-03f8-4cf4-8785-4c58950d210f",
|
|
|
|
"network-traffic--59318acf-03f8-4cf4-8785-4c58950d210f",
|
|
|
|
"ipv4-addr--59318acf-03f8-4cf4-8785-4c58950d210f",
|
|
|
|
"indicator--59318ad1-48a0-41db-951d-1b03950d210f",
|
|
|
|
"indicator--59318ad2-7e48-4aef-89a3-4ecf950d210f",
|
|
|
|
"observed-data--59318ad4-7f18-4f11-9a05-4b36950d210f",
|
|
|
|
"network-traffic--59318ad4-7f18-4f11-9a05-4b36950d210f",
|
|
|
|
"ipv4-addr--59318ad4-7f18-4f11-9a05-4b36950d210f",
|
|
|
|
"indicator--59318ad5-17e4-42b4-88c0-4060950d210f",
|
|
|
|
"indicator--59318ad6-07e4-4b4e-a52a-bae1950d210f",
|
|
|
|
"observed-data--59318ad8-8024-464f-b3cf-bb84950d210f",
|
|
|
|
"network-traffic--59318ad8-8024-464f-b3cf-bb84950d210f",
|
|
|
|
"ipv4-addr--59318ad8-8024-464f-b3cf-bb84950d210f",
|
|
|
|
"indicator--59318ad9-d22c-48a6-b6b4-46e0950d210f",
|
|
|
|
"indicator--59318ada-bd14-4741-8fd2-44a0950d210f",
|
|
|
|
"observed-data--59318ada-88c0-4100-b367-4ca2950d210f",
|
|
|
|
"network-traffic--59318ada-88c0-4100-b367-4ca2950d210f",
|
|
|
|
"ipv4-addr--59318ada-88c0-4100-b367-4ca2950d210f",
|
|
|
|
"observed-data--59318adb-41f0-4e85-a023-bb1d950d210f",
|
|
|
|
"network-traffic--59318adb-41f0-4e85-a023-bb1d950d210f",
|
|
|
|
"ipv4-addr--59318adb-41f0-4e85-a023-bb1d950d210f",
|
|
|
|
"indicator--59318adb-0f34-4f11-b527-1b5b950d210f",
|
|
|
|
"indicator--59318adc-5774-4b2e-8a10-41c5950d210f",
|
|
|
|
"observed-data--59318add-fb6c-419d-a0b4-1b03950d210f",
|
|
|
|
"network-traffic--59318add-fb6c-419d-a0b4-1b03950d210f",
|
|
|
|
"ipv4-addr--59318add-fb6c-419d-a0b4-1b03950d210f",
|
|
|
|
"indicator--59318add-6b10-41fb-aa6d-4686950d210f",
|
|
|
|
"indicator--59318ade-e500-474c-9c4e-43a3950d210f",
|
|
|
|
"observed-data--59318ade-763c-46ea-afe6-4dd4950d210f",
|
|
|
|
"network-traffic--59318ade-763c-46ea-afe6-4dd4950d210f",
|
|
|
|
"ipv4-addr--59318ade-763c-46ea-afe6-4dd4950d210f",
|
|
|
|
"indicator--59318adf-0270-4e33-b2f9-ba67950d210f",
|
|
|
|
"indicator--59318adf-24a8-4dfe-951a-4482950d210f",
|
|
|
|
"observed-data--59318ae1-07b0-41fe-9488-6559950d210f",
|
|
|
|
"network-traffic--59318ae1-07b0-41fe-9488-6559950d210f",
|
|
|
|
"ipv4-addr--59318ae1-07b0-41fe-9488-6559950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"ecsirt:malicious-code=\"ransomware\"",
|
|
|
|
"misp-galaxy:ransomware=\"Jaff\""
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59318aad-9c84-42d9-b8e2-ba67950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-02T15:56:29.000Z",
|
|
|
|
"modified": "2017-06-02T15:56:29.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '29d88355954e0ef9be171f54567a2703']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-02T15:56:29Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59318aad-2dbc-4185-8a26-42ec950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-02T15:56:29.000Z",
|
|
|
|
"modified": "2017-06-02T15:56:29.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '3a85cbd54b6c1afadaf06fbc6f1ef9b4']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-02T15:56:29Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59318aae-f558-4a98-85c5-bae1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-02T15:56:30.000Z",
|
|
|
|
"modified": "2017-06-02T15:56:30.000Z",
|
|
|
|
"pattern": "[url:value = 'http://dhaniearie.com/hH60bd']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-02T15:56:30Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59318aaf-26cc-4c74-bfe7-bb84950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-02T15:56:31.000Z",
|
|
|
|
"modified": "2017-06-02T15:56:31.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'dhaniearie.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-02T15:56:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59318aaf-71bc-4df0-b19c-4676950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-02T15:56:31.000Z",
|
|
|
|
"modified": "2017-06-02T15:56:31.000Z",
|
|
|
|
"first_observed": "2017-06-02T15:56:31Z",
|
|
|
|
"last_observed": "2017-06-02T15:56:31Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59318aaf-71bc-4df0-b19c-4676950d210f",
|
|
|
|
"ipv4-addr--59318aaf-71bc-4df0-b19c-4676950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59318aaf-71bc-4df0-b19c-4676950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59318aaf-71bc-4df0-b19c-4676950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59318aaf-71bc-4df0-b19c-4676950d210f",
|
|
|
|
"value": "103.11.75.13"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59318ab0-67b4-4200-988a-4b12950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-02T15:56:32.000Z",
|
|
|
|
"modified": "2017-06-02T15:56:32.000Z",
|
|
|
|
"pattern": "[url:value = 'http://doinlife.com/hH60bd']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-02T15:56:32Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59318ab1-0da4-441c-b0e0-43bd950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-02T15:56:33.000Z",
|
|
|
|
"modified": "2017-06-02T15:56:33.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'doinlife.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-02T15:56:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59318ab2-03c8-4097-af86-415e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-02T15:56:34.000Z",
|
|
|
|
"modified": "2017-06-02T15:56:34.000Z",
|
|
|
|
"first_observed": "2017-06-02T15:56:34Z",
|
|
|
|
"last_observed": "2017-06-02T15:56:34Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59318ab2-03c8-4097-af86-415e950d210f",
|
|
|
|
"ipv4-addr--59318ab2-03c8-4097-af86-415e950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59318ab2-03c8-4097-af86-415e950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59318ab2-03c8-4097-af86-415e950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59318ab2-03c8-4097-af86-415e950d210f",
|
|
|
|
"value": "108.179.228.212"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59318ab4-e24c-465a-af2e-bb1d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-02T15:56:36.000Z",
|
|
|
|
"modified": "2017-06-02T15:56:36.000Z",
|
|
|
|
"pattern": "[url:value = 'http://eselink.com.my/hH60bd']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-02T15:56:36Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59318ab5-c09c-4b4f-bd1b-40da950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-02T15:56:37.000Z",
|
|
|
|
"modified": "2017-06-02T15:56:37.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'eselink.com.my']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-02T15:56:37Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59318ab7-52d0-4ba6-8bf7-4616950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-02T15:56:39.000Z",
|
|
|
|
"modified": "2017-06-02T15:56:39.000Z",
|
|
|
|
"first_observed": "2017-06-02T15:56:39Z",
|
|
|
|
"last_observed": "2017-06-02T15:56:39Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59318ab7-52d0-4ba6-8bf7-4616950d210f",
|
|
|
|
"ipv4-addr--59318ab7-52d0-4ba6-8bf7-4616950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59318ab7-52d0-4ba6-8bf7-4616950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59318ab7-52d0-4ba6-8bf7-4616950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59318ab7-52d0-4ba6-8bf7-4616950d210f",
|
|
|
|
"value": "124.150.140.96"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59318ab8-4cf8-4748-b7c9-4a0d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-02T15:56:40.000Z",
|
|
|
|
"modified": "2017-06-02T15:56:40.000Z",
|
|
|
|
"pattern": "[url:value = 'http://lanphuong.vn/hH60bd']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-02T15:56:40Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59318ab9-2a0c-4603-95e3-ba67950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-02T15:56:41.000Z",
|
|
|
|
"modified": "2017-06-02T15:56:41.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'lanphuong.vn']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-02T15:56:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59318aba-877c-45f4-92c3-4074950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-02T15:56:42.000Z",
|
|
|
|
"modified": "2017-06-02T15:56:42.000Z",
|
|
|
|
"first_observed": "2017-06-02T15:56:42Z",
|
|
|
|
"last_observed": "2017-06-02T15:56:42Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59318aba-877c-45f4-92c3-4074950d210f",
|
|
|
|
"ipv4-addr--59318aba-877c-45f4-92c3-4074950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59318aba-877c-45f4-92c3-4074950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59318aba-877c-45f4-92c3-4074950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59318aba-877c-45f4-92c3-4074950d210f",
|
|
|
|
"value": "112.213.85.78"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59318abc-0368-4fb0-8101-49ed950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-02T15:56:44.000Z",
|
|
|
|
"modified": "2017-06-02T15:56:44.000Z",
|
|
|
|
"pattern": "[url:value = 'http://lordheals.com/hH60bd']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-02T15:56:44Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59318abc-73ec-4a13-b070-bae1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-02T15:56:44.000Z",
|
|
|
|
"modified": "2017-06-02T15:56:44.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'lordheals.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-02T15:56:44Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59318abd-3424-4567-bb19-bb84950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-02T15:56:45.000Z",
|
|
|
|
"modified": "2017-06-02T15:56:45.000Z",
|
|
|
|
"first_observed": "2017-06-02T15:56:45Z",
|
|
|
|
"last_observed": "2017-06-02T15:56:45Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59318abd-3424-4567-bb19-bb84950d210f",
|
|
|
|
"ipv4-addr--59318abd-3424-4567-bb19-bb84950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59318abd-3424-4567-bb19-bb84950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59318abd-3424-4567-bb19-bb84950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59318abd-3424-4567-bb19-bb84950d210f",
|
|
|
|
"value": "192.185.5.93"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59318abe-fff4-4ccc-9101-4ec8950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-02T15:56:46.000Z",
|
|
|
|
"modified": "2017-06-02T15:56:46.000Z",
|
|
|
|
"pattern": "[url:value = 'http://meiyizixun.com/hH60bd']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-02T15:56:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59318abe-438c-471b-a62e-443d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-02T15:56:46.000Z",
|
|
|
|
"modified": "2017-06-02T15:56:46.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'meiyizixun.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-02T15:56:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59318abf-4e34-4b4b-8083-44e3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-02T15:56:47.000Z",
|
|
|
|
"modified": "2017-06-02T15:56:47.000Z",
|
|
|
|
"first_observed": "2017-06-02T15:56:47Z",
|
|
|
|
"last_observed": "2017-06-02T15:56:47Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59318abf-4e34-4b4b-8083-44e3950d210f",
|
|
|
|
"ipv4-addr--59318abf-4e34-4b4b-8083-44e3950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59318abf-4e34-4b4b-8083-44e3950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59318abf-4e34-4b4b-8083-44e3950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59318abf-4e34-4b4b-8083-44e3950d210f",
|
|
|
|
"value": "103.24.0.218"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59318ac0-5194-44d8-9b78-4e37950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-02T15:56:48.000Z",
|
|
|
|
"modified": "2017-06-02T15:56:48.000Z",
|
|
|
|
"pattern": "[url:value = 'http://midiconcept.com/hH60bd']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-02T15:56:48Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59318ac0-e094-4c70-9738-4ef2950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-02T15:56:48.000Z",
|
|
|
|
"modified": "2017-06-02T15:56:48.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'midiconcept.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-02T15:56:48Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59318ac1-6260-4873-9be7-456d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-02T15:56:49.000Z",
|
|
|
|
"modified": "2017-06-02T15:56:49.000Z",
|
|
|
|
"first_observed": "2017-06-02T15:56:49Z",
|
|
|
|
"last_observed": "2017-06-02T15:56:49Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59318ac1-6260-4873-9be7-456d950d210f",
|
|
|
|
"ipv4-addr--59318ac1-6260-4873-9be7-456d950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59318ac1-6260-4873-9be7-456d950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59318ac1-6260-4873-9be7-456d950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59318ac1-6260-4873-9be7-456d950d210f",
|
|
|
|
"value": "193.70.38.218"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59318ac2-6814-407a-9008-bb1d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-02T15:56:50.000Z",
|
|
|
|
"modified": "2017-06-02T15:56:50.000Z",
|
|
|
|
"pattern": "[url:value = 'http://mountmary.ca/hH60bd']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-02T15:56:50Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59318ac2-7074-4b26-881c-1b5b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-02T15:56:50.000Z",
|
|
|
|
"modified": "2017-06-02T15:56:50.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'mountmary.ca']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-02T15:56:50Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59318ac3-4374-4076-b502-42dd950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-02T15:56:51.000Z",
|
|
|
|
"modified": "2017-06-02T15:56:51.000Z",
|
|
|
|
"first_observed": "2017-06-02T15:56:51Z",
|
|
|
|
"last_observed": "2017-06-02T15:56:51Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59318ac3-4374-4076-b502-42dd950d210f",
|
|
|
|
"ipv4-addr--59318ac3-4374-4076-b502-42dd950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59318ac3-4374-4076-b502-42dd950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59318ac3-4374-4076-b502-42dd950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59318ac3-4374-4076-b502-42dd950d210f",
|
|
|
|
"value": "69.49.101.51"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59318ac3-a618-4d43-a0ba-1b03950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-02T15:56:51.000Z",
|
|
|
|
"modified": "2017-06-02T15:56:51.000Z",
|
|
|
|
"pattern": "[url:value = 'http://newserniggrofg.net/af/hH60bd']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-02T15:56:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59318ac4-148c-4ae5-9369-49da950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-02T15:56:52.000Z",
|
|
|
|
"modified": "2017-06-02T15:56:52.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'newserniggrofg.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-02T15:56:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59318ac7-f610-48ff-9c91-ba67950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:56:55.000Z",
"modified": "2017-06-02T15:56:55.000Z",
"first_observed": "2017-06-02T15:56:55Z",
"last_observed": "2017-06-02T15:56:55Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59318ac7-f610-48ff-9c91-ba67950d210f",
"ipv4-addr--59318ac7-f610-48ff-9c91-ba67950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59318ac7-f610-48ff-9c91-ba67950d210f",
"dst_ref": "ipv4-addr--59318ac7-f610-48ff-9c91-ba67950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59318ac7-f610-48ff-9c91-ba67950d210f",
"value": "13.58.5.152"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59318ac8-2d04-419c-b163-46fe950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:56:56.000Z",
"modified": "2017-06-02T15:56:56.000Z",
"pattern": "[url:value = 'http://orhangazitur.com/hH60bd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T15:56:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59318ac8-f2f4-48e2-ad99-6559950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:56:56.000Z",
"modified": "2017-06-02T15:56:56.000Z",
"pattern": "[domain-name:value = 'orhangazitur.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T15:56:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59318ac9-6e6c-4355-b30f-4228950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:56:57.000Z",
"modified": "2017-06-02T15:56:57.000Z",
"first_observed": "2017-06-02T15:56:57Z",
"last_observed": "2017-06-02T15:56:57Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59318ac9-6e6c-4355-b30f-4228950d210f",
"ipv4-addr--59318ac9-6e6c-4355-b30f-4228950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59318ac9-6e6c-4355-b30f-4228950d210f",
"dst_ref": "ipv4-addr--59318ac9-6e6c-4355-b30f-4228950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59318ac9-6e6c-4355-b30f-4228950d210f",
"value": "109.232.220.235"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59318ac9-82a0-45b8-856b-bae1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:56:57.000Z",
"modified": "2017-06-02T15:56:57.000Z",
"pattern": "[url:value = 'http://resevesssetornument.com/af/hH60bd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T15:56:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59318aca-2b78-4a03-bb75-bb84950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:56:58.000Z",
"modified": "2017-06-02T15:56:58.000Z",
"pattern": "[domain-name:value = 'resevesssetornument.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T15:56:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59318acc-bb4c-41fc-9e55-475c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:57:00.000Z",
"modified": "2017-06-02T15:57:00.000Z",
"pattern": "[url:value = 'http://shrideva.co.in/hH60bd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T15:57:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59318acc-dbe0-48e3-9d15-435b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:57:00.000Z",
"modified": "2017-06-02T15:57:00.000Z",
"pattern": "[domain-name:value = 'shrideva.co.in']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T15:57:00Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59318acd-5a20-4344-a4da-499f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:57:01.000Z",
"modified": "2017-06-02T15:57:01.000Z",
"first_observed": "2017-06-02T15:57:01Z",
"last_observed": "2017-06-02T15:57:01Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59318acd-5a20-4344-a4da-499f950d210f",
"ipv4-addr--59318acd-5a20-4344-a4da-499f950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59318acd-5a20-4344-a4da-499f950d210f",
"dst_ref": "ipv4-addr--59318acd-5a20-4344-a4da-499f950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59318acd-5a20-4344-a4da-499f950d210f",
"value": "103.21.59.168"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59318ace-f694-4699-a4b6-4fd8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:57:02.000Z",
"modified": "2017-06-02T15:57:02.000Z",
"pattern": "[url:value = 'http://strassensammler.de/hH60bd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T15:57:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59318ace-2648-4358-b884-bb1d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:57:02.000Z",
"modified": "2017-06-02T15:57:02.000Z",
"pattern": "[domain-name:value = 'strassensammler.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T15:57:02Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59318acf-03f8-4cf4-8785-4c58950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:57:03.000Z",
"modified": "2017-06-02T15:57:03.000Z",
"first_observed": "2017-06-02T15:57:03Z",
"last_observed": "2017-06-02T15:57:03Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59318acf-03f8-4cf4-8785-4c58950d210f",
"ipv4-addr--59318acf-03f8-4cf4-8785-4c58950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59318acf-03f8-4cf4-8785-4c58950d210f",
"dst_ref": "ipv4-addr--59318acf-03f8-4cf4-8785-4c58950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59318acf-03f8-4cf4-8785-4c58950d210f",
"value": "81.169.145.86"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59318ad1-48a0-41db-951d-1b03950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:57:05.000Z",
"modified": "2017-06-02T15:57:05.000Z",
"pattern": "[url:value = 'http://suninsulation.com.au/hH60bd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T15:57:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59318ad2-7e48-4aef-89a3-4ecf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:57:06.000Z",
"modified": "2017-06-02T15:57:06.000Z",
"pattern": "[domain-name:value = 'suninsulation.com.au']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T15:57:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59318ad4-7f18-4f11-9a05-4b36950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:57:08.000Z",
"modified": "2017-06-02T15:57:08.000Z",
"first_observed": "2017-06-02T15:57:08Z",
"last_observed": "2017-06-02T15:57:08Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59318ad4-7f18-4f11-9a05-4b36950d210f",
"ipv4-addr--59318ad4-7f18-4f11-9a05-4b36950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59318ad4-7f18-4f11-9a05-4b36950d210f",
"dst_ref": "ipv4-addr--59318ad4-7f18-4f11-9a05-4b36950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59318ad4-7f18-4f11-9a05-4b36950d210f",
"value": "182.160.158.62"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59318ad5-17e4-42b4-88c0-4060950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:57:09.000Z",
"modified": "2017-06-02T15:57:09.000Z",
"pattern": "[url:value = 'http://systemalu.com/hH60bd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T15:57:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59318ad6-07e4-4b4e-a52a-bae1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:57:10.000Z",
"modified": "2017-06-02T15:57:10.000Z",
"pattern": "[domain-name:value = 'systemalu.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T15:57:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59318ad8-8024-464f-b3cf-bb84950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:57:12.000Z",
"modified": "2017-06-02T15:57:12.000Z",
"first_observed": "2017-06-02T15:57:12Z",
"last_observed": "2017-06-02T15:57:12Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59318ad8-8024-464f-b3cf-bb84950d210f",
"ipv4-addr--59318ad8-8024-464f-b3cf-bb84950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59318ad8-8024-464f-b3cf-bb84950d210f",
"dst_ref": "ipv4-addr--59318ad8-8024-464f-b3cf-bb84950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59318ad8-8024-464f-b3cf-bb84950d210f",
"value": "143.95.239.62"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59318ad9-d22c-48a6-b6b4-46e0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:57:13.000Z",
"modified": "2017-06-02T15:57:13.000Z",
"pattern": "[url:value = 'http://vibehouserecords.com/hH60bd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T15:57:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59318ada-bd14-4741-8fd2-44a0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:57:14.000Z",
"modified": "2017-06-02T15:57:14.000Z",
"pattern": "[domain-name:value = 'vibehouserecords.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T15:57:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59318ada-88c0-4100-b367-4ca2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:57:14.000Z",
"modified": "2017-06-02T15:57:14.000Z",
"first_observed": "2017-06-02T15:57:14Z",
"last_observed": "2017-06-02T15:57:14Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59318ada-88c0-4100-b367-4ca2950d210f",
"ipv4-addr--59318ada-88c0-4100-b367-4ca2950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59318ada-88c0-4100-b367-4ca2950d210f",
"dst_ref": "ipv4-addr--59318ada-88c0-4100-b367-4ca2950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59318ada-88c0-4100-b367-4ca2950d210f",
"value": "104.27.176.10"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59318adb-41f0-4e85-a023-bb1d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:57:15.000Z",
"modified": "2017-06-02T15:57:15.000Z",
"first_observed": "2017-06-02T15:57:15Z",
"last_observed": "2017-06-02T15:57:15Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59318adb-41f0-4e85-a023-bb1d950d210f",
"ipv4-addr--59318adb-41f0-4e85-a023-bb1d950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59318adb-41f0-4e85-a023-bb1d950d210f",
"dst_ref": "ipv4-addr--59318adb-41f0-4e85-a023-bb1d950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59318adb-41f0-4e85-a023-bb1d950d210f",
"value": "104.27.177.10"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59318adb-0f34-4f11-b527-1b5b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:57:15.000Z",
"modified": "2017-06-02T15:57:15.000Z",
"pattern": "[url:value = 'http://yoyogi.com.au/hH60bd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T15:57:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59318adc-5774-4b2e-8a10-41c5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:57:16.000Z",
"modified": "2017-06-02T15:57:16.000Z",
"pattern": "[domain-name:value = 'yoyogi.com.au']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T15:57:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59318add-fb6c-419d-a0b4-1b03950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:57:17.000Z",
"modified": "2017-06-02T15:57:17.000Z",
"first_observed": "2017-06-02T15:57:17Z",
"last_observed": "2017-06-02T15:57:17Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59318add-fb6c-419d-a0b4-1b03950d210f",
"ipv4-addr--59318add-fb6c-419d-a0b4-1b03950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59318add-fb6c-419d-a0b4-1b03950d210f",
"dst_ref": "ipv4-addr--59318add-fb6c-419d-a0b4-1b03950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59318add-fb6c-419d-a0b4-1b03950d210f",
"value": "27.124.113.33"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59318add-6b10-41fb-aa6d-4686950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:57:17.000Z",
"modified": "2017-06-02T15:57:17.000Z",
"pattern": "[url:value = 'http://zvezda-k.ru/hH60bd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T15:57:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59318ade-e500-474c-9c4e-43a3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:57:18.000Z",
"modified": "2017-06-02T15:57:18.000Z",
"pattern": "[domain-name:value = 'zvezda-k.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T15:57:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59318ade-763c-46ea-afe6-4dd4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:57:18.000Z",
"modified": "2017-06-02T15:57:18.000Z",
"first_observed": "2017-06-02T15:57:18Z",
"last_observed": "2017-06-02T15:57:18Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59318ade-763c-46ea-afe6-4dd4950d210f",
"ipv4-addr--59318ade-763c-46ea-afe6-4dd4950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59318ade-763c-46ea-afe6-4dd4950d210f",
"dst_ref": "ipv4-addr--59318ade-763c-46ea-afe6-4dd4950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59318ade-763c-46ea-afe6-4dd4950d210f",
"value": "81.177.139.23"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59318adf-0270-4e33-b2f9-ba67950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:57:19.000Z",
"modified": "2017-06-02T15:57:19.000Z",
"pattern": "[url:value = 'http://whoisfoxxrobiouy.net/a5/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T15:57:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59318adf-24a8-4dfe-951a-4482950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:57:19.000Z",
"modified": "2017-06-02T15:57:19.000Z",
"pattern": "[domain-name:value = 'whoisfoxxrobiouy.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T15:57:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59318ae1-07b0-41fe-9488-6559950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:57:21.000Z",
"modified": "2017-06-02T15:57:21.000Z",
"first_observed": "2017-06-02T15:57:21Z",
"last_observed": "2017-06-02T15:57:21Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59318ae1-07b0-41fe-9488-6559950d210f",
"ipv4-addr--59318ae1-07b0-41fe-9488-6559950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59318ae1-07b0-41fe-9488-6559950d210f",
"dst_ref": "ipv4-addr--59318ae1-07b0-41fe-9488-6559950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59318ae1-07b0-41fe-9488-6559950d210f",
"value": "5.101.66.85"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}