2023-06-14 17:31:25 +00:00
{
"type": "bundle",
"id": "bundle--593f8bda-e130-4025-9e98-4a67950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-13T09:41:14.000Z",
"modified": "2017-06-13T09:41:14.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "grouping",
"spec_version": "2.1",
"id": "grouping--593f8bda-e130-4025-9e98-4a67950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-13T09:41:14.000Z",
"modified": "2017-06-13T09:41:14.000Z",
"name": "M2M - Trickbot 2017-06-12 : mac1 : Facture N 1234 du 12/06/2017 - \"FACTURE_1234.zip\"",
"context": "suspicious-activity",
"object_refs": [
"observed-data--593fb274-bdec-45c5-8321-4dab02de0b81",
"url--593fb274-bdec-45c5-8321-4dab02de0b81",
"indicator--593fb273-1fe8-4428-975b-467802de0b81",
"indicator--593fb273-584c-49c7-af84-448a02de0b81",
"observed-data--593fb272-7de0-42eb-8613-4bcb02de0b81",
"url--593fb272-7de0-42eb-8613-4bcb02de0b81",
"indicator--593fb272-2934-4d8a-b93c-4a4d02de0b81",
"indicator--593fb272-f18c-4d5a-a8f0-499a02de0b81",
"observed-data--593f8c32-6b74-4a68-818e-4187950d210f",
"network-traffic--593f8c32-6b74-4a68-818e-4187950d210f",
"ipv4-addr--593f8c32-6b74-4a68-818e-4187950d210f",
"observed-data--593f8c31-5a98-4c3f-b909-4386950d210f",
"url--593f8c31-5a98-4c3f-b909-4386950d210f",
"observed-data--593f8c30-3ce4-4af0-9965-47e5950d210f",
"network-traffic--593f8c30-3ce4-4af0-9965-47e5950d210f",
"ipv4-addr--593f8c30-3ce4-4af0-9965-47e5950d210f",
"observed-data--593f8c30-6524-47e2-9b52-461d950d210f",
"url--593f8c30-6524-47e2-9b52-461d950d210f",
"observed-data--593f8c2f-ae50-408a-ae88-4a25950d210f",
"network-traffic--593f8c2f-ae50-408a-ae88-4a25950d210f",
"ipv4-addr--593f8c2f-ae50-408a-ae88-4a25950d210f",
"observed-data--593f8c2f-7090-4920-a3a7-4f72950d210f",
"url--593f8c2f-7090-4920-a3a7-4f72950d210f",
"observed-data--593f8c2e-777c-480a-8fb5-431e950d210f",
"network-traffic--593f8c2e-777c-480a-8fb5-431e950d210f",
"ipv4-addr--593f8c2e-777c-480a-8fb5-431e950d210f",
"observed-data--593f8c2d-79f0-463e-b67d-48c8950d210f",
"url--593f8c2d-79f0-463e-b67d-48c8950d210f",
"observed-data--593f8c2c-2508-4aa2-8153-450b950d210f",
"network-traffic--593f8c2c-2508-4aa2-8153-450b950d210f",
"ipv4-addr--593f8c2c-2508-4aa2-8153-450b950d210f",
"observed-data--593f8c2c-3040-401e-8aa6-4669950d210f",
"url--593f8c2c-3040-401e-8aa6-4669950d210f",
"observed-data--593f8c2b-a91c-45e8-bd91-404a950d210f",
"network-traffic--593f8c2b-a91c-45e8-bd91-404a950d210f",
"ipv4-addr--593f8c2b-a91c-45e8-bd91-404a950d210f",
"observed-data--593f8c2b-03b0-4a74-bc1e-4721950d210f",
"url--593f8c2b-03b0-4a74-bc1e-4721950d210f",
"observed-data--593f8c2a-a39c-4808-9079-42a7950d210f",
"network-traffic--593f8c2a-a39c-4808-9079-42a7950d210f",
"ipv4-addr--593f8c2a-a39c-4808-9079-42a7950d210f",
"observed-data--593f8c29-81fc-478d-a71b-4f81950d210f",
"url--593f8c29-81fc-478d-a71b-4f81950d210f",
"observed-data--593f8c19-739c-4c97-b9bf-4d25950d210f",
"network-traffic--593f8c19-739c-4c97-b9bf-4d25950d210f",
"ipv4-addr--593f8c19-739c-4c97-b9bf-4d25950d210f",
"indicator--593f8c16-1eb0-4542-8787-4558950d210f",
"indicator--593f8c16-ff64-4c2e-abf3-40aa950d210f",
"observed-data--593f8c15-be40-4d70-b229-4260950d210f",
"network-traffic--593f8c15-be40-4d70-b229-4260950d210f",
"ipv4-addr--593f8c15-be40-4d70-b229-4260950d210f",
"indicator--593f8c14-76c8-46d2-8817-4530950d210f",
"indicator--593f8c13-b674-4ee7-9589-4bd2950d210f",
"observed-data--593f8c13-3500-47ca-9454-434d950d210f",
"network-traffic--593f8c13-3500-47ca-9454-434d950d210f",
"ipv4-addr--593f8c13-3500-47ca-9454-434d950d210f",
"indicator--593f8c0d-d2d4-46f8-8d20-41c1950d210f",
"indicator--593f8c0d-6ce8-4bde-8d02-4798950d210f",
"observed-data--593f8c0c-0668-4802-b74f-4c4c950d210f",
"network-traffic--593f8c0c-0668-4802-b74f-4c4c950d210f",
"ipv4-addr--593f8c0c-0668-4802-b74f-4c4c950d210f",
"indicator--593f8c0b-aeac-495f-9f67-46d9950d210f",
"indicator--593f8c0b-749c-4eef-9173-4a1f950d210f",
"observed-data--593f8c0a-3ed8-4690-b8a9-4526950d210f",
"network-traffic--593f8c0a-3ed8-4690-b8a9-4526950d210f",
"ipv4-addr--593f8c0a-3ed8-4690-b8a9-4526950d210f",
"indicator--593f8c09-0fb0-4d1b-914e-4e0e950d210f",
"indicator--593f8c09-eddc-4c6a-b1ad-43b3950d210f",
"observed-data--593f8c08-0708-4985-bf69-4e77950d210f",
"network-traffic--593f8c08-0708-4985-bf69-4e77950d210f",
"ipv4-addr--593f8c08-0708-4985-bf69-4e77950d210f",
"indicator--593f8c08-e6c4-4fe2-bae1-4a69950d210f",
"indicator--593f8c07-45fc-4dc4-9f48-468d950d210f",
"observed-data--593f8c06-ad68-4d8a-83f6-4b07950d210f",
"network-traffic--593f8c06-ad68-4d8a-83f6-4b07950d210f",
"ipv4-addr--593f8c06-ad68-4d8a-83f6-4b07950d210f",
"indicator--593f8c06-437c-400e-99b2-4a26950d210f",
"indicator--593f8c05-8080-4ca3-8081-4aef950d210f",
"observed-data--593f8c05-6dd8-4545-81ae-4cf8950d210f",
"network-traffic--593f8c05-6dd8-4545-81ae-4cf8950d210f",
"ipv4-addr--593f8c05-6dd8-4545-81ae-4cf8950d210f",
"indicator--593f8c04-8998-4c92-bfb5-4149950d210f",
"indicator--593f8c03-e290-4478-868a-413c950d210f",
"observed-data--593f8c03-c2e0-4555-86a7-4a9d950d210f",
"network-traffic--593f8c03-c2e0-4555-86a7-4a9d950d210f",
"ipv4-addr--593f8c03-c2e0-4555-86a7-4a9d950d210f",
"indicator--593f8c02-52a8-4170-8175-4b5b950d210f",
"indicator--593f8c02-6184-41c2-9dd0-4d00950d210f",
"observed-data--593f8c01-d438-46ce-9d2b-467b950d210f",
"network-traffic--593f8c01-d438-46ce-9d2b-467b950d210f",
"ipv4-addr--593f8c01-d438-46ce-9d2b-467b950d210f",
"indicator--593f8c00-3e84-4f73-b86f-4aa6950d210f",
"indicator--593f8c00-df08-44fd-afd8-4bd1950d210f",
"observed-data--593f8bff-ea08-4791-b878-48eb950d210f",
"network-traffic--593f8bff-ea08-4791-b878-48eb950d210f",
"ipv4-addr--593f8bff-ea08-4791-b878-48eb950d210f",
"indicator--593f8bfe-1434-427b-b3b9-4227950d210f",
"indicator--593f8bfd-993c-4d08-a132-447b950d210f",
"observed-data--593f8bfd-7fb8-47c2-9b04-42a6950d210f",
"network-traffic--593f8bfd-7fb8-47c2-9b04-42a6950d210f",
"ipv4-addr--593f8bfd-7fb8-47c2-9b04-42a6950d210f",
"indicator--593f8bfc-ce24-4933-8df1-4ded950d210f",
"indicator--593f8bfb-e724-41b7-bdc7-4066950d210f",
"observed-data--593f8bfb-82e8-43bf-8ebb-43dd950d210f",
"network-traffic--593f8bfb-82e8-43bf-8ebb-43dd950d210f",
"ipv4-addr--593f8bfb-82e8-43bf-8ebb-43dd950d210f",
"indicator--593f8bfa-27ec-4dc7-8ffe-4340950d210f",
"indicator--593f8bf9-a65c-4cdd-a2ab-4f3a950d210f",
"observed-data--593f8bf8-0320-4b71-8096-47a0950d210f",
"network-traffic--593f8bf8-0320-4b71-8096-47a0950d210f",
"ipv4-addr--593f8bf8-0320-4b71-8096-47a0950d210f",
"indicator--593f8bf8-c8c4-4013-a1ae-44b4950d210f",
"indicator--593f8bf7-1840-4b67-b045-4873950d210f",
"observed-data--593f8bf6-c0cc-4519-b373-4cfd950d210f",
"network-traffic--593f8bf6-c0cc-4519-b373-4cfd950d210f",
"ipv4-addr--593f8bf6-c0cc-4519-b373-4cfd950d210f",
"indicator--593f8bf6-59b8-4fdc-93d1-4c0d950d210f",
"indicator--593f8bf5-7b88-4927-b37b-4879950d210f",
"observed-data--593f8bf4-399c-4c46-a662-47b7950d210f",
"network-traffic--593f8bf4-399c-4c46-a662-47b7950d210f",
"ipv4-addr--593f8bf4-399c-4c46-a662-47b7950d210f",
"indicator--593f8bf3-87b8-42cf-8bf5-4ec6950d210f",
"indicator--593f8bf3-86a0-4700-abac-47c5950d210f",
"observed-data--593f8bf2-3964-4882-8574-4fc4950d210f",
"network-traffic--593f8bf2-3964-4882-8574-4fc4950d210f",
"ipv4-addr--593f8bf2-3964-4882-8574-4fc4950d210f",
"indicator--593f8bf1-07c4-4382-90b7-4446950d210f",
"indicator--593f8bf1-47ec-496b-ae06-45a1950d210f",
"observed-data--593f8bf0-ae9c-4558-906e-498e950d210f",
"network-traffic--593f8bf0-ae9c-4558-906e-498e950d210f",
"ipv4-addr--593f8bf0-ae9c-4558-906e-498e950d210f",
"indicator--593f8bef-cc3c-4c9f-bdbc-4db8950d210f",
"indicator--593f8bee-bb74-4d7e-9c6b-4739950d210f",
"observed-data--593f8bee-1c88-4897-b4cb-4a70950d210f",
"network-traffic--593f8bee-1c88-4897-b4cb-4a70950d210f",
"ipv4-addr--593f8bee-1c88-4897-b4cb-4a70950d210f",
"indicator--593f8bed-f118-4eba-a3e7-48f7950d210f",
"indicator--593f8bec-5d88-4c82-a6a1-4edc950d210f",
"indicator--593f8beb-5b54-4d20-9b93-4a99950d210f",
"indicator--593f8beb-f8e4-4f77-b53a-4cd1950d210f",
"observed-data--593f8bea-ced4-4c49-b576-438e950d210f",
"network-traffic--593f8bea-ced4-4c49-b576-438e950d210f",
"ipv4-addr--593f8bea-ced4-4c49-b576-438e950d210f",
"indicator--593f8be8-fce0-4b10-8a62-414a950d210f",
"indicator--593f8be8-bfd8-490e-b7c1-437f950d210f",
"observed-data--593f8be7-7cd4-47cc-bda3-4f79950d210f",
"network-traffic--593f8be7-7cd4-47cc-bda3-4f79950d210f",
"ipv4-addr--593f8be7-7cd4-47cc-bda3-4f79950d210f",
"indicator--593f8be6-8984-4638-a984-462a950d210f",
"indicator--593f8be5-8078-43e6-a053-4fc3950d210f",
"observed-data--593f8be5-3b6c-4b82-85da-48b6950d210f",
"network-traffic--593f8be5-3b6c-4b82-85da-48b6950d210f",
"ipv4-addr--593f8be5-3b6c-4b82-85da-48b6950d210f",
"indicator--593f8be3-6520-4a20-96e6-4c99950d210f",
"indicator--593f8be3-2c58-4445-8f99-4436950d210f",
"observed-data--593f8be2-c08c-4000-8653-44e6950d210f",
"network-traffic--593f8be2-c08c-4000-8653-44e6950d210f",
"ipv4-addr--593f8be2-c08c-4000-8653-44e6950d210f",
"indicator--593f8be0-52c4-4fcb-a9a4-472f950d210f",
"indicator--593f8be0-f618-491e-91d6-4173950d210f",
"observed-data--593f8bdf-11dc-4505-a024-4a5c950d210f",
"network-traffic--593f8bdf-11dc-4505-a024-4a5c950d210f",
"ipv4-addr--593f8bdf-11dc-4505-a024-4a5c950d210f",
"indicator--593f8bde-04f0-4da5-823f-4361950d210f",
"indicator--593f8bdd-5b98-41ba-8adb-43bb950d210f",
"observed-data--593f8bdd-f9d8-4943-9397-4bb3950d210f",
"network-traffic--593f8bdd-f9d8-4943-9397-4bb3950d210f",
"ipv4-addr--593f8bdd-f9d8-4943-9397-4bb3950d210f",
"indicator--593f8bdc-f8e0-4873-9584-462f950d210f",
"indicator--593f8bdb-0a64-454e-9b17-49a4950d210f",
"indicator--593f8bdb-0ca0-48bd-a94e-42ba950d210f",
"indicator--593f8bda-498c-4a69-8f34-4016950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--593fb274-bdec-45c5-8321-4dab02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-13T09:37:56.000Z",
"modified": "2017-06-13T09:37:56.000Z",
"first_observed": "2017-06-13T09:37:56Z",
"last_observed": "2017-06-13T09:37:56Z",
"number_observed": 1,
"object_refs": [
"url--593fb274-bdec-45c5-8321-4dab02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--593fb274-bdec-45c5-8321-4dab02de0b81",
"value": "https://www.virustotal.com/file/c305ebba4a998304919ada152c3eb3fe4037baa4526a9c16959b43c754743277/analysis/1497338561/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593fb273-1fe8-4428-975b-467802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-13T09:37:55.000Z",
"modified": "2017-06-13T09:37:55.000Z",
"description": "- Xchecked via VT: 20f52f4da77210883918021880d5068c",
"pattern": "[file:hashes.SHA1 = 'b3a03310d26611b69d0318c0315796f8e2ec9d74']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-13T09:37:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593fb273-584c-49c7-af84-448a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-13T09:37:55.000Z",
"modified": "2017-06-13T09:37:55.000Z",
"description": "- Xchecked via VT: 20f52f4da77210883918021880d5068c",
"pattern": "[file:hashes.SHA256 = 'c305ebba4a998304919ada152c3eb3fe4037baa4526a9c16959b43c754743277']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-13T09:37:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--593fb272-7de0-42eb-8613-4bcb02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-13T09:37:54.000Z",
"modified": "2017-06-13T09:37:54.000Z",
"first_observed": "2017-06-13T09:37:54Z",
"last_observed": "2017-06-13T09:37:54Z",
"number_observed": 1,
"object_refs": [
"url--593fb272-7de0-42eb-8613-4bcb02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--593fb272-7de0-42eb-8613-4bcb02de0b81",
"value": "https://www.virustotal.com/file/a6fc754849ad03495c72caf56c19c2dfe747249e43340b160e06e58bc5eb4d3d/analysis/1497345601/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593fb272-2934-4d8a-b93c-4a4d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-13T09:37:54.000Z",
"modified": "2017-06-13T09:37:54.000Z",
"description": "- Xchecked via VT: b1826d53ae551f2969a347dd1804c76d",
"pattern": "[file:hashes.SHA1 = '9af0184ba888ba9dd9065d8f60fbac1bf95719b1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-13T09:37:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593fb272-f18c-4d5a-a8f0-499a02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-13T09:37:54.000Z",
"modified": "2017-06-13T09:37:54.000Z",
"description": "- Xchecked via VT: b1826d53ae551f2969a347dd1804c76d",
"pattern": "[file:hashes.SHA256 = 'a6fc754849ad03495c72caf56c19c2dfe747249e43340b160e06e58bc5eb4d3d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-13T09:37:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--593f8c32-6b74-4a68-818e-4187950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-13T09:37:20.000Z",
"modified": "2017-06-13T09:37:20.000Z",
"first_observed": "2017-06-13T09:37:20Z",
"last_observed": "2017-06-13T09:37:20Z",
"number_observed": 1,
"object_refs": [
"network-traffic--593f8c32-6b74-4a68-818e-4187950d210f",
"ipv4-addr--593f8c32-6b74-4a68-818e-4187950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--593f8c32-6b74-4a68-818e-4187950d210f",
"dst_ref": "ipv4-addr--593f8c32-6b74-4a68-818e-4187950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--593f8c32-6b74-4a68-818e-4187950d210f",
"value": "185.203.243.113"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--593f8c31-5a98-4c3f-b909-4386950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-13T09:37:20.000Z",
"modified": "2017-06-13T09:37:20.000Z",
"first_observed": "2017-06-13T09:37:20Z",
"last_observed": "2017-06-13T09:37:20Z",
"number_observed": 1,
"object_refs": [
"url--593f8c31-5a98-4c3f-b909-4386950d210f"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--593f8c31-5a98-4c3f-b909-4386950d210f",
"value": "185.203.243.113"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--593f8c30-3ce4-4af0-9965-47e5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-13T09:37:20.000Z",
"modified": "2017-06-13T09:37:20.000Z",
"first_observed": "2017-06-13T09:37:20Z",
"last_observed": "2017-06-13T09:37:20Z",
"number_observed": 1,
"object_refs": [
"network-traffic--593f8c30-3ce4-4af0-9965-47e5950d210f",
"ipv4-addr--593f8c30-3ce4-4af0-9965-47e5950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--593f8c30-3ce4-4af0-9965-47e5950d210f",
"dst_ref": "ipv4-addr--593f8c30-3ce4-4af0-9965-47e5950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--593f8c30-3ce4-4af0-9965-47e5950d210f",
"value": "185.203.243.112"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--593f8c30-6524-47e2-9b52-461d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-13T09:37:20.000Z",
"modified": "2017-06-13T09:37:20.000Z",
"first_observed": "2017-06-13T09:37:20Z",
"last_observed": "2017-06-13T09:37:20Z",
"number_observed": 1,
"object_refs": [
"url--593f8c30-6524-47e2-9b52-461d950d210f"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--593f8c30-6524-47e2-9b52-461d950d210f",
"value": "185.203.243.112"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--593f8c2f-ae50-408a-ae88-4a25950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-13T09:37:20.000Z",
"modified": "2017-06-13T09:37:20.000Z",
"first_observed": "2017-06-13T09:37:20Z",
"last_observed": "2017-06-13T09:37:20Z",
"number_observed": 1,
"object_refs": [
"network-traffic--593f8c2f-ae50-408a-ae88-4a25950d210f",
"ipv4-addr--593f8c2f-ae50-408a-ae88-4a25950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--593f8c2f-ae50-408a-ae88-4a25950d210f",
"dst_ref": "ipv4-addr--593f8c2f-ae50-408a-ae88-4a25950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--593f8c2f-ae50-408a-ae88-4a25950d210f",
"value": "185.203.243.111"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--593f8c2f-7090-4920-a3a7-4f72950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-13T09:37:20.000Z",
"modified": "2017-06-13T09:37:20.000Z",
"first_observed": "2017-06-13T09:37:20Z",
"last_observed": "2017-06-13T09:37:20Z",
"number_observed": 1,
"object_refs": [
"url--593f8c2f-7090-4920-a3a7-4f72950d210f"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--593f8c2f-7090-4920-a3a7-4f72950d210f",
"value": "185.203.243.111"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--593f8c2e-777c-480a-8fb5-431e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-13T09:37:20.000Z",
"modified": "2017-06-13T09:37:20.000Z",
"first_observed": "2017-06-13T09:37:20Z",
"last_observed": "2017-06-13T09:37:20Z",
"number_observed": 1,
"object_refs": [
"network-traffic--593f8c2e-777c-480a-8fb5-431e950d210f",
"ipv4-addr--593f8c2e-777c-480a-8fb5-431e950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--593f8c2e-777c-480a-8fb5-431e950d210f",
"dst_ref": "ipv4-addr--593f8c2e-777c-480a-8fb5-431e950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--593f8c2e-777c-480a-8fb5-431e950d210f",
"value": "89.231.13.33"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--593f8c2d-79f0-463e-b67d-48c8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-13T09:37:20.000Z",
"modified": "2017-06-13T09:37:20.000Z",
"first_observed": "2017-06-13T09:37:20Z",
"last_observed": "2017-06-13T09:37:20Z",
"number_observed": 1,
"object_refs": [
"url--593f8c2d-79f0-463e-b67d-48c8950d210f"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--593f8c2d-79f0-463e-b67d-48c8950d210f",
"value": "89.231.13.33"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--593f8c2c-2508-4aa2-8153-450b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-13T09:37:20.000Z",
"modified": "2017-06-13T09:37:20.000Z",
"first_observed": "2017-06-13T09:37:20Z",
"last_observed": "2017-06-13T09:37:20Z",
"number_observed": 1,
"object_refs": [
"network-traffic--593f8c2c-2508-4aa2-8153-450b950d210f",
"ipv4-addr--593f8c2c-2508-4aa2-8153-450b950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--593f8c2c-2508-4aa2-8153-450b950d210f",
"dst_ref": "ipv4-addr--593f8c2c-2508-4aa2-8153-450b950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--593f8c2c-2508-4aa2-8153-450b950d210f",
"value": "89.231.13.27"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--593f8c2c-3040-401e-8aa6-4669950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-13T09:37:20.000Z",
"modified": "2017-06-13T09:37:20.000Z",
"first_observed": "2017-06-13T09:37:20Z",
"last_observed": "2017-06-13T09:37:20Z",
"number_observed": 1,
"object_refs": [
"url--593f8c2c-3040-401e-8aa6-4669950d210f"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--593f8c2c-3040-401e-8aa6-4669950d210f",
"value": "89.231.13.27"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--593f8c2b-a91c-45e8-bd91-404a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-13T09:37:20.000Z",
"modified": "2017-06-13T09:37:20.000Z",
"first_observed": "2017-06-13T09:37:20Z",
"last_observed": "2017-06-13T09:37:20Z",
"number_observed": 1,
"object_refs": [
"network-traffic--593f8c2b-a91c-45e8-bd91-404a950d210f",
"ipv4-addr--593f8c2b-a91c-45e8-bd91-404a950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--593f8c2b-a91c-45e8-bd91-404a950d210f",
"dst_ref": "ipv4-addr--593f8c2b-a91c-45e8-bd91-404a950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--593f8c2b-a91c-45e8-bd91-404a950d210f",
"value": "89.231.13.18"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--593f8c2b-03b0-4a74-bc1e-4721950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-13T09:37:20.000Z",
"modified": "2017-06-13T09:37:20.000Z",
"first_observed": "2017-06-13T09:37:20Z",
"last_observed": "2017-06-13T09:37:20Z",
"number_observed": 1,
"object_refs": [
"url--593f8c2b-03b0-4a74-bc1e-4721950d210f"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--593f8c2b-03b0-4a74-bc1e-4721950d210f",
"value": "89.231.13.18"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--593f8c2a-a39c-4808-9079-42a7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-13T09:37:20.000Z",
"modified": "2017-06-13T09:37:20.000Z",
"first_observed": "2017-06-13T09:37:20Z",
"last_observed": "2017-06-13T09:37:20Z",
"number_observed": 1,
"object_refs": [
"network-traffic--593f8c2a-a39c-4808-9079-42a7950d210f",
"ipv4-addr--593f8c2a-a39c-4808-9079-42a7950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--593f8c2a-a39c-4808-9079-42a7950d210f",
"dst_ref": "ipv4-addr--593f8c2a-a39c-4808-9079-42a7950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--593f8c2a-a39c-4808-9079-42a7950d210f",
"value": "193.0.140.177"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--593f8c29-81fc-478d-a71b-4f81950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-13T09:37:20.000Z",
"modified": "2017-06-13T09:37:20.000Z",
"first_observed": "2017-06-13T09:37:20Z",
"last_observed": "2017-06-13T09:37:20Z",
"number_observed": 1,
"object_refs": [
"url--593f8c29-81fc-478d-a71b-4f81950d210f"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--593f8c29-81fc-478d-a71b-4f81950d210f",
"value": "193.0.140.177"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--593f8c19-739c-4c97-b9bf-4d25950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-13T09:37:20.000Z",
"modified": "2017-06-13T09:37:20.000Z",
"first_observed": "2017-06-13T09:37:20Z",
"last_observed": "2017-06-13T09:37:20Z",
"number_observed": 1,
"object_refs": [
"network-traffic--593f8c19-739c-4c97-b9bf-4d25950d210f",
"ipv4-addr--593f8c19-739c-4c97-b9bf-4d25950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--593f8c19-739c-4c97-b9bf-4d25950d210f",
"dst_ref": "ipv4-addr--593f8c19-739c-4c97-b9bf-4d25950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--593f8c19-739c-4c97-b9bf-4d25950d210f",
|
|
|
|
"value": "103.249.108.128"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8c16-1eb0-4542-8787-4558950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'ythongye.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8c16-ff64-4c2e-abf3-40aa950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[url:value = 'http://ythongye.com/8yhf2ui']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593f8c15-be40-4d70-b229-4260950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"first_observed": "2017-06-13T09:37:20Z",
|
|
|
|
"last_observed": "2017-06-13T09:37:20Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593f8c15-be40-4d70-b229-4260950d210f",
|
|
|
|
"ipv4-addr--593f8c15-be40-4d70-b229-4260950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593f8c15-be40-4d70-b229-4260950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593f8c15-be40-4d70-b229-4260950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593f8c15-be40-4d70-b229-4260950d210f",
|
|
|
|
"value": "209.99.16.221"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8c14-76c8-46d2-8817-4530950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'yensaophuongdong.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8c13-b674-4ee7-9589-4bd2950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[url:value = 'http://yensaophuongdong.com/8yhf2ui']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593f8c13-3500-47ca-9454-434d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"first_observed": "2017-06-13T09:37:20Z",
|
|
|
|
"last_observed": "2017-06-13T09:37:20Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593f8c13-3500-47ca-9454-434d950d210f",
|
|
|
|
"ipv4-addr--593f8c13-3500-47ca-9454-434d950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593f8c13-3500-47ca-9454-434d950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593f8c13-3500-47ca-9454-434d950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593f8c13-3500-47ca-9454-434d950d210f",
|
|
|
|
"value": "120.25.70.148"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8c0d-d2d4-46f8-8d20-41c1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'xinjingji.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8c0d-6ce8-4bde-8d02-4798950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[url:value = 'http://xinjingji.net/8yhf2ui']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593f8c0c-0668-4802-b74f-4c4c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"first_observed": "2017-06-13T09:37:20Z",
|
|
|
|
"last_observed": "2017-06-13T09:37:20Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593f8c0c-0668-4802-b74f-4c4c950d210f",
|
|
|
|
"ipv4-addr--593f8c0c-0668-4802-b74f-4c4c950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593f8c0c-0668-4802-b74f-4c4c950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593f8c0c-0668-4802-b74f-4c4c950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593f8c0c-0668-4802-b74f-4c4c950d210f",
|
|
|
|
"value": "91.201.42.45"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8c0b-aeac-495f-9f67-46d9950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'ulyanky.ru']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8c0b-749c-4eef-9173-4a1f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[url:value = 'http://ulyanky.ru/8yhf2ui']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593f8c0a-3ed8-4690-b8a9-4526950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"first_observed": "2017-06-13T09:37:20Z",
|
|
|
|
"last_observed": "2017-06-13T09:37:20Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593f8c0a-3ed8-4690-b8a9-4526950d210f",
|
|
|
|
"ipv4-addr--593f8c0a-3ed8-4690-b8a9-4526950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593f8c0a-3ed8-4690-b8a9-4526950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593f8c0a-3ed8-4690-b8a9-4526950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593f8c0a-3ed8-4690-b8a9-4526950d210f",
|
|
|
|
"value": "103.21.58.130"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8c09-0fb0-4d1b-914e-4e0e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'syrianchristiancentre.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8c09-eddc-4c6a-b1ad-43b3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[url:value = 'http://syrianchristiancentre.org/8yhf2ui']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593f8c08-0708-4985-bf69-4e77950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"first_observed": "2017-06-13T09:37:20Z",
|
|
|
|
"last_observed": "2017-06-13T09:37:20Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593f8c08-0708-4985-bf69-4e77950d210f",
|
|
|
|
"ipv4-addr--593f8c08-0708-4985-bf69-4e77950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593f8c08-0708-4985-bf69-4e77950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593f8c08-0708-4985-bf69-4e77950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593f8c08-0708-4985-bf69-4e77950d210f",
|
|
|
|
"value": "81.169.145.93"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8c08-e6c4-4fe2-bae1-4a69950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'svi1869.de']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8c07-45fc-4dc4-9f48-468d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[url:value = 'http://svi1869.de/8yhf2ui']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593f8c06-ad68-4d8a-83f6-4b07950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"first_observed": "2017-06-13T09:37:20Z",
|
|
|
|
"last_observed": "2017-06-13T09:37:20Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593f8c06-ad68-4d8a-83f6-4b07950d210f",
|
|
|
|
"ipv4-addr--593f8c06-ad68-4d8a-83f6-4b07950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593f8c06-ad68-4d8a-83f6-4b07950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593f8c06-ad68-4d8a-83f6-4b07950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593f8c06-ad68-4d8a-83f6-4b07950d210f",
|
|
|
|
"value": "81.169.145.148"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8c06-437c-400e-99b2-4a26950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'svadba-tamada.de']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8c05-8080-4ca3-8081-4aef950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[url:value = 'http://svadba-tamada.de/8yhf2ui']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593f8c05-6dd8-4545-81ae-4cf8950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"first_observed": "2017-06-13T09:37:20Z",
|
|
|
|
"last_observed": "2017-06-13T09:37:20Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593f8c05-6dd8-4545-81ae-4cf8950d210f",
|
|
|
|
"ipv4-addr--593f8c05-6dd8-4545-81ae-4cf8950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593f8c05-6dd8-4545-81ae-4cf8950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593f8c05-6dd8-4545-81ae-4cf8950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593f8c05-6dd8-4545-81ae-4cf8950d210f",
|
|
|
|
"value": "212.40.5.43"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8c04-8998-4c92-bfb5-4149950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'susewind.ch']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8c03-e290-4478-868a-413c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[url:value = 'http://susewind.ch/8yhf2ui']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593f8c03-c2e0-4555-86a7-4a9d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"first_observed": "2017-06-13T09:37:20Z",
|
|
|
|
"last_observed": "2017-06-13T09:37:20Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593f8c03-c2e0-4555-86a7-4a9d950d210f",
|
|
|
|
"ipv4-addr--593f8c03-c2e0-4555-86a7-4a9d950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593f8c03-c2e0-4555-86a7-4a9d950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593f8c03-c2e0-4555-86a7-4a9d950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593f8c03-c2e0-4555-86a7-4a9d950d210f",
|
|
|
|
"value": "160.153.53.103"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8c02-52a8-4170-8175-4b5b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'sportsfoliorewards.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8c02-6184-41c2-9dd0-4d00950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[url:value = 'http://sportsfoliorewards.com/8yhf2ui']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593f8c01-d438-46ce-9d2b-467b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"first_observed": "2017-06-13T09:37:20Z",
|
|
|
|
"last_observed": "2017-06-13T09:37:20Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593f8c01-d438-46ce-9d2b-467b950d210f",
|
|
|
|
"ipv4-addr--593f8c01-d438-46ce-9d2b-467b950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593f8c01-d438-46ce-9d2b-467b950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593f8c01-d438-46ce-9d2b-467b950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593f8c01-d438-46ce-9d2b-467b950d210f",
|
|
|
|
"value": "103.21.58.252"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8c00-3e84-4f73-b86f-4aa6950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'smartzaa.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8c00-df08-44fd-afd8-4bd1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[url:value = 'http://smartzaa.com/8yhf2ui']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593f8bff-ea08-4791-b878-48eb950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"first_observed": "2017-06-13T09:37:20Z",
|
|
|
|
"last_observed": "2017-06-13T09:37:20Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593f8bff-ea08-4791-b878-48eb950d210f",
|
|
|
|
"ipv4-addr--593f8bff-ea08-4791-b878-48eb950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593f8bff-ea08-4791-b878-48eb950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593f8bff-ea08-4791-b878-48eb950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593f8bff-ea08-4791-b878-48eb950d210f",
|
|
|
|
"value": "185.64.219.7"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8bfe-1434-427b-b3b9-4227950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'skveselka.wz.cz']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8bfd-993c-4d08-a132-447b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[url:value = 'http://skveselka.wz.cz/8yhf2ui']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593f8bfd-7fb8-47c2-9b04-42a6950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"first_observed": "2017-06-13T09:37:20Z",
|
|
|
|
"last_observed": "2017-06-13T09:37:20Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593f8bfd-7fb8-47c2-9b04-42a6950d210f",
|
|
|
|
"ipv4-addr--593f8bfd-7fb8-47c2-9b04-42a6950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593f8bfd-7fb8-47c2-9b04-42a6950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593f8bfd-7fb8-47c2-9b04-42a6950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593f8bfd-7fb8-47c2-9b04-42a6950d210f",
|
|
|
|
"value": "103.21.59.174"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8bfc-ce24-4933-8df1-4ded950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'sheekchilly.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8bfb-e724-41b7-bdc7-4066950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[url:value = 'http://sheekchilly.com/8yhf2ui']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593f8bfb-82e8-43bf-8ebb-43dd950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"first_observed": "2017-06-13T09:37:20Z",
|
|
|
|
"last_observed": "2017-06-13T09:37:20Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593f8bfb-82e8-43bf-8ebb-43dd950d210f",
|
|
|
|
"ipv4-addr--593f8bfb-82e8-43bf-8ebb-43dd950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593f8bfb-82e8-43bf-8ebb-43dd950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593f8bfb-82e8-43bf-8ebb-43dd950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593f8bfb-82e8-43bf-8ebb-43dd950d210f",
|
|
|
|
"value": "66.219.202.10"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8bfa-27ec-4dc7-8ffe-4340950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'sacrecoeur.bravepages.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8bf9-a65c-4cdd-a2ab-4f3a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[url:value = 'http://sacrecoeur.bravepages.com/8yhf2ui']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593f8bf8-0320-4b71-8096-47a0950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"first_observed": "2017-06-13T09:37:20Z",
|
|
|
|
"last_observed": "2017-06-13T09:37:20Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593f8bf8-0320-4b71-8096-47a0950d210f",
|
|
|
|
"ipv4-addr--593f8bf8-0320-4b71-8096-47a0950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593f8bf8-0320-4b71-8096-47a0950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593f8bf8-0320-4b71-8096-47a0950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593f8bf8-0320-4b71-8096-47a0950d210f",
|
|
|
|
"value": "81.169.145.166"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8bf8-c8c4-4013-a1ae-44b4950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'quente.nl']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8bf7-1840-4b67-b045-4873950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[url:value = 'http://quente.nl/8yhf2ui']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593f8bf6-c0cc-4519-b373-4cfd950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"first_observed": "2017-06-13T09:37:20Z",
|
|
|
|
"last_observed": "2017-06-13T09:37:20Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593f8bf6-c0cc-4519-b373-4cfd950d210f",
|
|
|
|
"ipv4-addr--593f8bf6-c0cc-4519-b373-4cfd950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593f8bf6-c0cc-4519-b373-4cfd950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593f8bf6-c0cc-4519-b373-4cfd950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593f8bf6-c0cc-4519-b373-4cfd950d210f",
|
|
|
|
"value": "103.50.160.62"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8bf6-59b8-4fdc-93d1-4c0d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'marylanddevelopers.in']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8bf5-7b88-4927-b37b-4879950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[url:value = 'http://marylanddevelopers.in/8yhf2ui']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593f8bf4-399c-4c46-a662-47b7950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"first_observed": "2017-06-13T09:37:20Z",
|
|
|
|
"last_observed": "2017-06-13T09:37:20Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593f8bf4-399c-4c46-a662-47b7950d210f",
|
|
|
|
"ipv4-addr--593f8bf4-399c-4c46-a662-47b7950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593f8bf4-399c-4c46-a662-47b7950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593f8bf4-399c-4c46-a662-47b7950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593f8bf4-399c-4c46-a662-47b7950d210f",
|
|
|
|
"value": "81.169.145.68"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8bf3-87b8-42cf-8bf5-4ec6950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'martinsturm.de']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8bf3-86a0-4700-abac-47c5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[url:value = 'http://martinsturm.de/8yhf2ui']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593f8bf2-3964-4882-8574-4fc4950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"first_observed": "2017-06-13T09:37:20Z",
|
|
|
|
"last_observed": "2017-06-13T09:37:20Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593f8bf2-3964-4882-8574-4fc4950d210f",
|
|
|
|
"ipv4-addr--593f8bf2-3964-4882-8574-4fc4950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593f8bf2-3964-4882-8574-4fc4950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593f8bf2-3964-4882-8574-4fc4950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593f8bf2-3964-4882-8574-4fc4950d210f",
|
|
|
|
"value": "219.118.71.133"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8bf1-07c4-4382-90b7-4446950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'mangetsudo.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8bf1-47ec-496b-ae06-45a1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[url:value = 'http://mangetsudo.net/8yhf2ui']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593f8bf0-ae9c-4558-906e-498e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"first_observed": "2017-06-13T09:37:20Z",
|
|
|
|
"last_observed": "2017-06-13T09:37:20Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593f8bf0-ae9c-4558-906e-498e950d210f",
|
|
|
|
"ipv4-addr--593f8bf0-ae9c-4558-906e-498e950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593f8bf0-ae9c-4558-906e-498e950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593f8bf0-ae9c-4558-906e-498e950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593f8bf0-ae9c-4558-906e-498e950d210f",
|
|
|
|
"value": "107.180.48.91"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8bef-cc3c-4c9f-bdbc-4db8950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'lockehouse.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8bee-bb74-4d7e-9c6b-4739950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[url:value = 'http://lockehouse.com/8yhf2ui']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593f8bee-1c88-4897-b4cb-4a70950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"first_observed": "2017-06-13T09:37:20Z",
|
|
|
|
"last_observed": "2017-06-13T09:37:20Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593f8bee-1c88-4897-b4cb-4a70950d210f",
|
|
|
|
"ipv4-addr--593f8bee-1c88-4897-b4cb-4a70950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593f8bee-1c88-4897-b4cb-4a70950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593f8bee-1c88-4897-b4cb-4a70950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593f8bee-1c88-4897-b4cb-4a70950d210f",
|
|
|
|
"value": "216.97.233.44"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8bed-f118-4eba-a3e7-48f7950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'lamartechnical.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8bec-5d88-4c82-a6a1-4edc950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[url:value = 'http://lamartechnical.com/8yhf2ui']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8beb-5b54-4d20-9b93-4a99950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'e67tfgc4uybfbnfmd.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8beb-f8e4-4f77-b53a-4cd1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[url:value = 'http://e67tfgc4uybfbnfmd.org/af/8yhf2ui']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593f8bea-ced4-4c49-b576-438e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"first_observed": "2017-06-13T09:37:20Z",
|
|
|
|
"last_observed": "2017-06-13T09:37:20Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593f8bea-ced4-4c49-b576-438e950d210f",
|
|
|
|
"ipv4-addr--593f8bea-ced4-4c49-b576-438e950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593f8bea-ced4-4c49-b576-438e950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593f8bea-ced4-4c49-b576-438e950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593f8bea-ced4-4c49-b576-438e950d210f",
|
|
|
|
"value": "133.242.52.84"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8be8-fce0-4b10-8a62-414a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'crowdvn.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8be8-bfd8-490e-b7c1-437f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[url:value = 'http://crowdvn.com/8yhf2ui']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593f8be7-7cd4-47cc-bda3-4f79950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"first_observed": "2017-06-13T09:37:20Z",
|
|
|
|
"last_observed": "2017-06-13T09:37:20Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593f8be7-7cd4-47cc-bda3-4f79950d210f",
|
|
|
|
"ipv4-addr--593f8be7-7cd4-47cc-bda3-4f79950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593f8be7-7cd4-47cc-bda3-4f79950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593f8be7-7cd4-47cc-bda3-4f79950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593f8be7-7cd4-47cc-bda3-4f79950d210f",
|
|
|
|
"value": "162.215.255.3"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8be6-8984-4638-a984-462a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'cnbofa.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8be5-8078-43e6-a053-4fc3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[url:value = 'http://cnbofa.com/8yhf2ui']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593f8be5-3b6c-4b82-85da-48b6950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"first_observed": "2017-06-13T09:37:20Z",
|
|
|
|
"last_observed": "2017-06-13T09:37:20Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593f8be5-3b6c-4b82-85da-48b6950d210f",
|
|
|
|
"ipv4-addr--593f8be5-3b6c-4b82-85da-48b6950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593f8be5-3b6c-4b82-85da-48b6950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593f8be5-3b6c-4b82-85da-48b6950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593f8be5-3b6c-4b82-85da-48b6950d210f",
|
|
|
|
"value": "202.181.246.240"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8be3-6520-4a20-96e6-4c99950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'ceil.hk']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8be3-2c58-4445-8f99-4436950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[url:value = 'http://ceil.hk/8yhf2ui']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593f8be2-c08c-4000-8653-44e6950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"first_observed": "2017-06-13T09:37:20Z",
|
|
|
|
"last_observed": "2017-06-13T09:37:20Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593f8be2-c08c-4000-8653-44e6950d210f",
|
|
|
|
"ipv4-addr--593f8be2-c08c-4000-8653-44e6950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593f8be2-c08c-4000-8653-44e6950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593f8be2-c08c-4000-8653-44e6950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593f8be2-c08c-4000-8653-44e6950d210f",
|
|
|
|
"value": "193.239.206.248"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8be0-52c4-4fcb-a9a4-472f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'aacom.pl']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593f8be0-f618-491e-91d6-4173950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"pattern": "[url:value = 'http://aacom.pl/8yhf2ui']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T09:37:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593f8bdf-11dc-4505-a024-4a5c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T09:37:20.000Z",
|
|
|
|
"modified": "2017-06-13T09:37:20.000Z",
|
|
|
|
"first_observed": "2017-06-13T09:37:20Z",
|
|
|
|
"last_observed": "2017-06-13T09:37:20Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593f8bdf-11dc-4505-a024-4a5c950d210f",
|
|
|
|
"ipv4-addr--593f8bdf-11dc-4505-a024-4a5c950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--593f8bdf-11dc-4505-a024-4a5c950d210f",
"dst_ref": "ipv4-addr--593f8bdf-11dc-4505-a024-4a5c950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--593f8bdf-11dc-4505-a024-4a5c950d210f",
"value": "119.28.85.128"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593f8bde-04f0-4da5-823f-4361950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-13T09:37:20.000Z",
"modified": "2017-06-13T09:37:20.000Z",
"pattern": "[domain-name:value = '78tguyc876wwirglmltm.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-13T09:37:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593f8bdd-5b98-41ba-8adb-43bb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-13T09:37:20.000Z",
"modified": "2017-06-13T09:37:20.000Z",
"pattern": "[url:value = 'http://78tguyc876wwirglmltm.net/af/8yhf2ui']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-13T09:37:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--593f8bdd-f9d8-4943-9397-4bb3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-13T09:37:20.000Z",
"modified": "2017-06-13T09:37:20.000Z",
"first_observed": "2017-06-13T09:37:20Z",
"last_observed": "2017-06-13T09:37:20Z",
"number_observed": 1,
"object_refs": [
"network-traffic--593f8bdd-f9d8-4943-9397-4bb3950d210f",
"ipv4-addr--593f8bdd-f9d8-4943-9397-4bb3950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--593f8bdd-f9d8-4943-9397-4bb3950d210f",
"dst_ref": "ipv4-addr--593f8bdd-f9d8-4943-9397-4bb3950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--593f8bdd-f9d8-4943-9397-4bb3950d210f",
"value": "144.76.27.232"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593f8bdc-f8e0-4873-9584-462f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-13T09:37:20.000Z",
"modified": "2017-06-13T09:37:20.000Z",
"pattern": "[domain-name:value = '1000i.co']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-13T09:37:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593f8bdb-0a64-454e-9b17-49a4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-13T09:37:20.000Z",
"modified": "2017-06-13T09:37:20.000Z",
"pattern": "[url:value = 'http://1000i.co/8yhf2ui']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-13T09:37:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593f8bdb-0ca0-48bd-a94e-42ba950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-13T09:37:20.000Z",
"modified": "2017-06-13T09:37:20.000Z",
"pattern": "[file:hashes.MD5 = '20f52f4da77210883918021880d5068c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-13T09:37:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593f8bda-498c-4a69-8f34-4016950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-13T09:37:20.000Z",
"modified": "2017-06-13T09:37:20.000Z",
"pattern": "[file:hashes.MD5 = 'b1826d53ae551f2969a347dd1804c76d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-13T09:37:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}