{
"type": "bundle",
"id": "bundle--594252f6-6d34-496a-9746-413f950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-16T12:37:38.000Z",
"modified": "2017-06-16T12:37:38.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--594252f6-6d34-496a-9746-413f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-16T12:37:38.000Z",
"modified": "2017-06-16T12:37:38.000Z",
"name": "M2M - Jaff 2017-06-14 : \"Emailing: 123456789\" - \"123456789.ZIP\"",
"published": "2017-06-16T12:37:48Z",
"object_refs": [
"indicator--594252f6-0d08-4c8b-a1f6-443f950d210f",
"indicator--594252f7-e574-4b89-b7f2-486b950d210f",
"indicator--594252f8-1b64-4690-9e64-42e7950d210f",
"indicator--594252f8-1c88-4a22-9a0b-4b1a950d210f",
"observed-data--594252fd-7488-4084-9e0f-41a4950d210f",
"network-traffic--594252fd-7488-4084-9e0f-41a4950d210f",
"ipv4-addr--594252fd-7488-4084-9e0f-41a4950d210f",
"indicator--594252fe-e8d0-49c1-a8c5-4fdb950d210f",
"indicator--594252ff-0060-4d30-bd81-477f950d210f",
"observed-data--59425303-9b40-4920-9960-4c36950d210f",
"network-traffic--59425303-9b40-4920-9960-4c36950d210f",
"ipv4-addr--59425303-9b40-4920-9960-4c36950d210f",
"indicator--59425304-4110-43c0-b26b-4752950d210f",
"indicator--59425304-0d50-403e-a134-4560950d210f",
"observed-data--59425305-1f4c-4ab9-bf60-40ec950d210f",
"network-traffic--59425305-1f4c-4ab9-bf60-40ec950d210f",
"ipv4-addr--59425305-1f4c-4ab9-bf60-40ec950d210f",
"indicator--59425305-fba8-4eef-8a91-408b950d210f",
"indicator--59425306-f0bc-4cd5-ad90-414d950d210f",
"observed-data--59425307-ea44-4ed0-9dc6-45b5950d210f",
"network-traffic--59425307-ea44-4ed0-9dc6-45b5950d210f",
"ipv4-addr--59425307-ea44-4ed0-9dc6-45b5950d210f",
"indicator--59425307-4c58-4f84-a07a-4de0950d210f",
"indicator--59425308-eb3c-49f3-a57b-4ca8950d210f",
"indicator--59425309-6564-4eb1-9df8-4ca7950d210f",
"indicator--59425309-7f70-4331-9b06-46f1950d210f",
"observed-data--5942530a-ea24-49ce-b9f7-44a2950d210f",
"network-traffic--5942530a-ea24-49ce-b9f7-44a2950d210f",
"ipv4-addr--5942530a-ea24-49ce-b9f7-44a2950d210f",
"indicator--5942530a-79e4-4f4c-b162-47ca950d210f",
"indicator--5942530b-f230-4055-b228-4bea950d210f",
"observed-data--5942530c-edfc-47c4-9189-4232950d210f",
"network-traffic--5942530c-edfc-47c4-9189-4232950d210f",
"ipv4-addr--5942530c-edfc-47c4-9189-4232950d210f",
"indicator--5942530c-1668-456d-9076-4e8e950d210f",
"indicator--5942530d-f08c-40bd-b86b-4689950d210f",
"observed-data--5942530d-bb54-4abf-bd3c-4e1e950d210f",
"network-traffic--5942530d-bb54-4abf-bd3c-4e1e950d210f",
"ipv4-addr--5942530d-bb54-4abf-bd3c-4e1e950d210f",
"indicator--5942530e-1594-4d17-9c86-49cc950d210f",
"indicator--5942530e-7280-46a7-801f-42ac950d210f",
"observed-data--5942530f-e7e8-4dfc-b234-4217950d210f",
"network-traffic--5942530f-e7e8-4dfc-b234-4217950d210f",
"ipv4-addr--5942530f-e7e8-4dfc-b234-4217950d210f",
"indicator--59425310-9a34-4841-a20f-410b950d210f",
"indicator--59425310-8f70-48d5-b774-4f09950d210f",
"observed-data--59425311-dda0-4947-8156-49e5950d210f",
"network-traffic--59425311-dda0-4947-8156-49e5950d210f",
"ipv4-addr--59425311-dda0-4947-8156-49e5950d210f",
"indicator--59425311-ef08-4799-9cd3-4d4d950d210f",
"indicator--59425312-3040-4859-b904-4d72950d210f",
"observed-data--59425312-dc14-4836-9b1b-4d28950d210f",
"network-traffic--59425312-dc14-4836-9b1b-4d28950d210f",
"ipv4-addr--59425312-dc14-4836-9b1b-4d28950d210f",
"indicator--59425313-5d50-4746-84a8-4f77950d210f",
"indicator--59425314-3cfc-4261-a2ab-4f7d950d210f",
"observed-data--59425314-9328-40d0-bca1-4d1e950d210f",
"network-traffic--59425314-9328-40d0-bca1-4d1e950d210f",
"ipv4-addr--59425314-9328-40d0-bca1-4d1e950d210f",
"observed-data--59425315-1430-4a62-b426-4fa4950d210f",
"network-traffic--59425315-1430-4a62-b426-4fa4950d210f",
"ipv4-addr--59425315-1430-4a62-b426-4fa4950d210f",
"indicator--59425315-c2d8-4d23-8e8c-41ad950d210f",
"indicator--59425316-ea30-4c52-8483-4ba9950d210f",
"observed-data--59425317-b518-4ccd-8e33-4be4950d210f",
"network-traffic--59425317-b518-4ccd-8e33-4be4950d210f",
"ipv4-addr--59425317-b518-4ccd-8e33-4be4950d210f",
"indicator--59425317-d9c4-4fca-a990-46ff950d210f",
"indicator--59425318-611c-4e77-a8b1-4acd950d210f",
"indicator--59425319-5a30-47ff-b414-4129950d210f",
"indicator--59425319-70a8-49de-8b70-4fb3950d210f",
"observed-data--5942531b-d848-43c1-9fbe-441e950d210f",
"network-traffic--5942531b-d848-43c1-9fbe-441e950d210f",
"ipv4-addr--5942531b-d848-43c1-9fbe-441e950d210f",
"indicator--5942531c-3068-4604-9a43-4856950d210f",
"indicator--5942531c-3298-4248-b721-4632950d210f",
"observed-data--5942531d-f6e4-42b3-809c-48fc950d210f",
"network-traffic--5942531d-f6e4-42b3-809c-48fc950d210f",
"ipv4-addr--5942531d-f6e4-42b3-809c-48fc950d210f",
"indicator--5942531d-f5a4-4628-a4a4-4398950d210f",
"indicator--5942531e-64cc-405f-a20f-410e950d210f",
"observed-data--5942531e-2a24-427a-b873-406f950d210f",
"network-traffic--5942531e-2a24-427a-b873-406f950d210f",
"ipv4-addr--5942531e-2a24-427a-b873-406f950d210f",
"indicator--5942531f-137c-42a0-8495-46b8950d210f",
"indicator--5942531f-5440-4fd1-9525-415a950d210f",
"observed-data--59425321-c584-4ce3-9de7-4ecd950d210f",
"network-traffic--59425321-c584-4ce3-9de7-4ecd950d210f",
"ipv4-addr--59425321-c584-4ce3-9de7-4ecd950d210f",
"indicator--59425322-f118-4850-b50d-4047950d210f",
"indicator--59425322-2798-4ff1-b8f5-4cbe950d210f",
"observed-data--59425323-45f4-4008-8147-4dbe950d210f",
"network-traffic--59425323-45f4-4008-8147-4dbe950d210f",
"ipv4-addr--59425323-45f4-4008-8147-4dbe950d210f",
"indicator--59425324-d040-4556-9608-4653950d210f",
"indicator--59425325-008c-458d-a957-4e45950d210f",
"observed-data--59425326-ae7c-4e26-9838-453d950d210f",
"network-traffic--59425326-ae7c-4e26-9838-453d950d210f",
"ipv4-addr--59425326-ae7c-4e26-9838-453d950d210f",
"indicator--59425327-f080-4851-b6fc-423f950d210f",
"indicator--59425327-b210-4a85-850c-425a950d210f",
"observed-data--59425328-30ac-4f9d-819c-4285950d210f",
"network-traffic--59425328-30ac-4f9d-819c-4285950d210f",
"ipv4-addr--59425328-30ac-4f9d-819c-4285950d210f",
"indicator--59425328-f588-45b2-85f1-4886950d210f",
"indicator--59425329-9074-494a-83a8-4fe6950d210f",
"observed-data--5942532b-963c-45d1-a969-499a950d210f",
"network-traffic--5942532b-963c-45d1-a969-499a950d210f",
"ipv4-addr--5942532b-963c-45d1-a969-499a950d210f",
"indicator--5943bb60-c634-4bbb-a898-440102de0b81",
"indicator--5943bb60-9488-4159-85b4-401802de0b81",
"observed-data--5943bb61-5f8c-42d9-bf8e-4a8b02de0b81",
"url--5943bb61-5f8c-42d9-bf8e-4a8b02de0b81",
"indicator--5943bb61-a8c8-4d76-9063-4fa202de0b81",
"indicator--5943bb62-2d04-41ad-baff-499f02de0b81",
"observed-data--5943bb62-e370-4a6a-978d-487e02de0b81",
"url--5943bb62-e370-4a6a-978d-487e02de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"ecsirt:malicious-code=\"ransomware\"",
"misp-galaxy:ransomware=\"Jaff\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594252f6-0d08-4c8b-a1f6-443f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-16T11:04:37.000Z",
"modified": "2017-06-16T11:04:37.000Z",
"pattern": "[file:hashes.MD5 = '184a66091326a882fc4425cb9b40194c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-16T11:04:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594252f7-e574-4b89-b7f2-486b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-16T11:04:37.000Z",
"modified": "2017-06-16T11:04:37.000Z",
"pattern": "[file:hashes.MD5 = 'dea5cd9dcf444d6107b14cabefbb1774']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-16T11:04:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594252f8-1b64-4690-9e64-42e7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-16T11:04:37.000Z",
"modified": "2017-06-16T11:04:37.000Z",
"pattern": "[url:value = 'http://16892.net/734fhrfrre']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-16T11:04:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594252f8-1c88-4a22-9a0b-4b1a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-16T11:04:37.000Z",
"modified": "2017-06-16T11:04:37.000Z",
"pattern": "[domain-name:value = '16892.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-16T11:04:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--594252fd-7488-4084-9e0f-41a4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-16T11:04:37.000Z",
"modified": "2017-06-16T11:04:37.000Z",
"first_observed": "2017-06-16T11:04:37Z",
"last_observed": "2017-06-16T11:04:37Z",
"number_observed": 1,
"object_refs": [
"network-traffic--594252fd-7488-4084-9e0f-41a4950d210f",
"ipv4-addr--594252fd-7488-4084-9e0f-41a4950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--594252fd-7488-4084-9e0f-41a4950d210f",
"dst_ref": "ipv4-addr--594252fd-7488-4084-9e0f-41a4950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--594252fd-7488-4084-9e0f-41a4950d210f",
"value": "199.79.63.100"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594252fe-e8d0-49c1-a8c5-4fdb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-16T11:04:37.000Z",
"modified": "2017-06-16T11:04:37.000Z",
"pattern": "[url:value = 'http://78tguyc876wwirglmltm.net/af/734fhrfrre']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-16T11:04:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--594252ff-0060-4d30-bd81-477f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-16T11:04:37.000Z",
"modified": "2017-06-16T11:04:37.000Z",
"pattern": "[domain-name:value = '78tguyc876wwirglmltm.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-16T11:04:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59425303-9b40-4920-9960-4c36950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-16T11:04:37.000Z",
"modified": "2017-06-16T11:04:37.000Z",
"first_observed": "2017-06-16T11:04:37Z",
"last_observed": "2017-06-16T11:04:37Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59425303-9b40-4920-9960-4c36950d210f",
"ipv4-addr--59425303-9b40-4920-9960-4c36950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59425303-9b40-4920-9960-4c36950d210f",
"dst_ref": "ipv4-addr--59425303-9b40-4920-9960-4c36950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59425303-9b40-4920-9960-4c36950d210f",
"value": "119.28.85.128"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59425304-4110-43c0-b26b-4752950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-16T11:04:37.000Z",
"modified": "2017-06-16T11:04:37.000Z",
"pattern": "[url:value = 'http://aarontax.com/734fhrfrre']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-16T11:04:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59425304-0d50-403e-a134-4560950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-16T11:04:37.000Z",
"modified": "2017-06-16T11:04:37.000Z",
"pattern": "[domain-name:value = 'aarontax.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-16T11:04:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59425305-1f4c-4ab9-bf60-40ec950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-16T11:04:37.000Z",
"modified": "2017-06-16T11:04:37.000Z",
"first_observed": "2017-06-16T11:04:37Z",
"last_observed": "2017-06-16T11:04:37Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59425305-1f4c-4ab9-bf60-40ec950d210f",
"ipv4-addr--59425305-1f4c-4ab9-bf60-40ec950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59425305-1f4c-4ab9-bf60-40ec950d210f",
"dst_ref": "ipv4-addr--59425305-1f4c-4ab9-bf60-40ec950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59425305-1f4c-4ab9-bf60-40ec950d210f",
"value": "107.180.2.55"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59425305-fba8-4eef-8a91-408b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-16T11:04:37.000Z",
"modified": "2017-06-16T11:04:37.000Z",
"pattern": "[url:value = 'http://aristei.com.ar/734fhrfrre']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-16T11:04:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59425306-f0bc-4cd5-ad90-414d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-16T11:04:37.000Z",
"modified": "2017-06-16T11:04:37.000Z",
"pattern": "[domain-name:value = 'aristei.com.ar']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-16T11:04:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59425307-ea44-4ed0-9dc6-45b5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-16T11:04:37.000Z",
"modified": "2017-06-16T11:04:37.000Z",
"first_observed": "2017-06-16T11:04:37Z",
"last_observed": "2017-06-16T11:04:37Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59425307-ea44-4ed0-9dc6-45b5950d210f",
"ipv4-addr--59425307-ea44-4ed0-9dc6-45b5950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59425307-ea44-4ed0-9dc6-45b5950d210f",
"dst_ref": "ipv4-addr--59425307-ea44-4ed0-9dc6-45b5950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59425307-ea44-4ed0-9dc6-45b5950d210f",
"value": "190.105.227.224"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59425307-4c58-4f84-a07a-4de0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-16T11:04:37.000Z",
"modified": "2017-06-16T11:04:37.000Z",
"pattern": "[url:value = 'http://cigarconexion.in/734fhrfrre']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-16T11:04:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59425308-eb3c-49f3-a57b-4ca8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-16T11:04:37.000Z",
"modified": "2017-06-16T11:04:37.000Z",
"pattern": "[domain-name:value = 'cigarconexion.in']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-16T11:04:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59425309-6564-4eb1-9df8-4ca7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-16T11:04:37.000Z",
"modified": "2017-06-16T11:04:37.000Z",
"pattern": "[url:value = 'http://cinema-strasbourg.com/734fhrfrre']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-16T11:04:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59425309-7f70-4331-9b06-46f1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-16T11:04:37.000Z",
"modified": "2017-06-16T11:04:37.000Z",
"pattern": "[domain-name:value = 'cinema-strasbourg.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-16T11:04:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5942530a-ea24-49ce-b9f7-44a2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-16T11:04:37.000Z",
"modified": "2017-06-16T11:04:37.000Z",
"first_observed": "2017-06-16T11:04:37Z",
"last_observed": "2017-06-16T11:04:37Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5942530a-ea24-49ce-b9f7-44a2950d210f",
"ipv4-addr--5942530a-ea24-49ce-b9f7-44a2950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5942530a-ea24-49ce-b9f7-44a2950d210f",
"dst_ref": "ipv4-addr--5942530a-ea24-49ce-b9f7-44a2950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5942530a-ea24-49ce-b9f7-44a2950d210f",
"value": "5.196.28.243"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5942530a-79e4-4f4c-b162-47ca950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-16T11:04:37.000Z",
"modified": "2017-06-16T11:04:37.000Z",
"pattern": "[url:value = 'http://comfortdiscovered.com.au/734fhrfrre']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-16T11:04:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5942530b-f230-4055-b228-4bea950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-16T11:04:37.000Z",
"modified": "2017-06-16T11:04:37.000Z",
"pattern": "[domain-name:value = 'comfortdiscovered.com.au']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-16T11:04:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5942530c-edfc-47c4-9189-4232950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-16T11:04:37.000Z",
"modified": "2017-06-16T11:04:37.000Z",
"first_observed": "2017-06-16T11:04:37Z",
"last_observed": "2017-06-16T11:04:37Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5942530c-edfc-47c4-9189-4232950d210f",
"ipv4-addr--5942530c-edfc-47c4-9189-4232950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5942530c-edfc-47c4-9189-4232950d210f",
"dst_ref": "ipv4-addr--5942530c-edfc-47c4-9189-4232950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5942530c-edfc-47c4-9189-4232950d210f",
"value": "101.0.75.118"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5942530c-1668-456d-9076-4e8e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-16T11:04:37.000Z",
"modified": "2017-06-16T11:04:37.000Z",
"pattern": "[url:value = 'http://cupcakery.in/734fhrfrre']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-16T11:04:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5942530d-f08c-40bd-b86b-4689950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-16T11:04:37.000Z",
"modified": "2017-06-16T11:04:37.000Z",
"pattern": "[domain-name:value = 'cupcakery.in']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-16T11:04:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5942530d-bb54-4abf-bd3c-4e1e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-16T11:04:37.000Z",
"modified": "2017-06-16T11:04:37.000Z",
"first_observed": "2017-06-16T11:04:37Z",
"last_observed": "2017-06-16T11:04:37Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5942530d-bb54-4abf-bd3c-4e1e950d210f",
"ipv4-addr--5942530d-bb54-4abf-bd3c-4e1e950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5942530d-bb54-4abf-bd3c-4e1e950d210f",
"dst_ref": "ipv4-addr--5942530d-bb54-4abf-bd3c-4e1e950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5942530d-bb54-4abf-bd3c-4e1e950d210f",
"value": "103.195.185.222"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5942530e-1594-4d17-9c86-49cc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-16T11:04:37.000Z",
"modified": "2017-06-16T11:04:37.000Z",
"pattern": "[url:value = 'http://makkahhaj.com/734fhrfrre']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-16T11:04:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5942530e-7280-46a7-801f-42ac950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-16T11:04:37.000Z",
"modified": "2017-06-16T11:04:37.000Z",
"pattern": "[domain-name:value = 'makkahhaj.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-16T11:04:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5942530f-e7e8-4dfc-b234-4217950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-16T11:04:37.000Z",
|
|
|
|
"modified": "2017-06-16T11:04:37.000Z",
|
|
|
|
"first_observed": "2017-06-16T11:04:37Z",
|
|
|
|
"last_observed": "2017-06-16T11:04:37Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5942530f-e7e8-4dfc-b234-4217950d210f",
|
|
|
|
"ipv4-addr--5942530f-e7e8-4dfc-b234-4217950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5942530f-e7e8-4dfc-b234-4217950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5942530f-e7e8-4dfc-b234-4217950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5942530f-e7e8-4dfc-b234-4217950d210f",
|
|
|
|
"value": "162.215.252.26"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59425310-9a34-4841-a20f-410b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-16T11:04:37.000Z",
|
|
|
|
"modified": "2017-06-16T11:04:37.000Z",
|
|
|
|
"pattern": "[url:value = 'http://mediawax.be/734fhrfrre']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-16T11:04:37Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59425310-8f70-48d5-b774-4f09950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-16T11:04:37.000Z",
|
|
|
|
"modified": "2017-06-16T11:04:37.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'mediawax.be']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-16T11:04:37Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59425311-dda0-4947-8156-49e5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-16T11:04:37.000Z",
|
|
|
|
"modified": "2017-06-16T11:04:37.000Z",
|
|
|
|
"first_observed": "2017-06-16T11:04:37Z",
|
|
|
|
"last_observed": "2017-06-16T11:04:37Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59425311-dda0-4947-8156-49e5950d210f",
|
|
|
|
"ipv4-addr--59425311-dda0-4947-8156-49e5950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59425311-dda0-4947-8156-49e5950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59425311-dda0-4947-8156-49e5950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59425311-dda0-4947-8156-49e5950d210f",
|
|
|
|
"value": "5.61.252.24"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59425311-ef08-4799-9cd3-4d4d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-16T11:04:37.000Z",
|
|
|
|
"modified": "2017-06-16T11:04:37.000Z",
|
|
|
|
"pattern": "[url:value = 'http://mokinukai.lt/734fhrfrre']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-16T11:04:37Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59425312-3040-4859-b904-4d72950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-16T11:04:37.000Z",
|
|
|
|
"modified": "2017-06-16T11:04:37.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'mokinukai.lt']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-16T11:04:37Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59425312-dc14-4836-9b1b-4d28950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-16T11:04:37.000Z",
|
|
|
|
"modified": "2017-06-16T11:04:37.000Z",
|
|
|
|
"first_observed": "2017-06-16T11:04:37Z",
|
|
|
|
"last_observed": "2017-06-16T11:04:37Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59425312-dc14-4836-9b1b-4d28950d210f",
|
|
|
|
"ipv4-addr--59425312-dc14-4836-9b1b-4d28950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59425312-dc14-4836-9b1b-4d28950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59425312-dc14-4836-9b1b-4d28950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59425312-dc14-4836-9b1b-4d28950d210f",
|
|
|
|
"value": "217.17.85.67"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59425313-5d50-4746-84a8-4f77950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-16T11:04:37.000Z",
|
|
|
|
"modified": "2017-06-16T11:04:37.000Z",
|
|
|
|
"pattern": "[url:value = 'http://mseconsultant.com/734fhrfrre']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-16T11:04:37Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59425314-3cfc-4261-a2ab-4f7d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-16T11:04:37.000Z",
|
|
|
|
"modified": "2017-06-16T11:04:37.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'mseconsultant.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-16T11:04:37Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59425314-9328-40d0-bca1-4d1e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-16T11:04:37.000Z",
|
|
|
|
"modified": "2017-06-16T11:04:37.000Z",
|
|
|
|
"first_observed": "2017-06-16T11:04:37Z",
|
|
|
|
"last_observed": "2017-06-16T11:04:37Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59425314-9328-40d0-bca1-4d1e950d210f",
|
|
|
|
"ipv4-addr--59425314-9328-40d0-bca1-4d1e950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59425314-9328-40d0-bca1-4d1e950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59425314-9328-40d0-bca1-4d1e950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59425314-9328-40d0-bca1-4d1e950d210f",
|
|
|
|
"value": "107.154.163.119"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59425315-1430-4a62-b426-4fa4950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-16T11:04:37.000Z",
|
|
|
|
"modified": "2017-06-16T11:04:37.000Z",
|
|
|
|
"first_observed": "2017-06-16T11:04:37Z",
|
|
|
|
"last_observed": "2017-06-16T11:04:37Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59425315-1430-4a62-b426-4fa4950d210f",
|
|
|
|
"ipv4-addr--59425315-1430-4a62-b426-4fa4950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59425315-1430-4a62-b426-4fa4950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59425315-1430-4a62-b426-4fa4950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59425315-1430-4a62-b426-4fa4950d210f",
|
|
|
|
"value": "107.154.220.119"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59425315-c2d8-4d23-8e8c-41ad950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-16T11:04:37.000Z",
|
|
|
|
"modified": "2017-06-16T11:04:37.000Z",
|
|
|
|
"pattern": "[url:value = 'http://qiyuner.com/734fhrfrre']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-16T11:04:37Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59425316-ea30-4c52-8483-4ba9950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-16T11:04:37.000Z",
|
|
|
|
"modified": "2017-06-16T11:04:37.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'qiyuner.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-16T11:04:37Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59425317-b518-4ccd-8e33-4be4950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-16T11:04:37.000Z",
|
|
|
|
"modified": "2017-06-16T11:04:37.000Z",
|
|
|
|
"first_observed": "2017-06-16T11:04:37Z",
|
|
|
|
"last_observed": "2017-06-16T11:04:37Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59425317-b518-4ccd-8e33-4be4950d210f",
|
|
|
|
"ipv4-addr--59425317-b518-4ccd-8e33-4be4950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59425317-b518-4ccd-8e33-4be4950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59425317-b518-4ccd-8e33-4be4950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59425317-b518-4ccd-8e33-4be4950d210f",
|
|
|
|
"value": "115.28.21.247"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59425317-d9c4-4fca-a990-46ff950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-16T11:04:37.000Z",
|
|
|
|
"modified": "2017-06-16T11:04:37.000Z",
|
|
|
|
"pattern": "[url:value = 'http://randomessstioprottoy.net/af/734fhrfrre']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-16T11:04:37Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59425318-611c-4e77-a8b1-4acd950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-16T11:04:37.000Z",
|
|
|
|
"modified": "2017-06-16T11:04:37.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'randomessstioprottoy.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-16T11:04:37Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59425319-5a30-47ff-b414-4129950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-16T11:04:37.000Z",
|
|
|
|
"modified": "2017-06-16T11:04:37.000Z",
|
|
|
|
"pattern": "[url:value = 'http://scjjh.cn/734fhrfrre']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-16T11:04:37Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59425319-70a8-49de-8b70-4fb3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-16T11:04:37.000Z",
|
|
|
|
"modified": "2017-06-16T11:04:37.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'scjjh.cn']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-16T11:04:37Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5942531b-d848-43c1-9fbe-441e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-16T11:04:37.000Z",
|
|
|
|
"modified": "2017-06-16T11:04:37.000Z",
|
|
|
|
"first_observed": "2017-06-16T11:04:37Z",
|
|
|
|
"last_observed": "2017-06-16T11:04:37Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5942531b-d848-43c1-9fbe-441e950d210f",
|
|
|
|
"ipv4-addr--5942531b-d848-43c1-9fbe-441e950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5942531b-d848-43c1-9fbe-441e950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5942531b-d848-43c1-9fbe-441e950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5942531b-d848-43c1-9fbe-441e950d210f",
|
|
|
|
"value": "211.149.226.210"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5942531c-3068-4604-9a43-4856950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-16T11:04:37.000Z",
|
|
|
|
"modified": "2017-06-16T11:04:37.000Z",
|
|
|
|
"pattern": "[url:value = 'http://sellityourway.nl/734fhrfrre']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-16T11:04:37Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5942531c-3298-4248-b721-4632950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-16T11:04:37.000Z",
|
|
|
|
"modified": "2017-06-16T11:04:37.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'sellityourway.nl']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-16T11:04:37Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5942531d-f6e4-42b3-809c-48fc950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-16T11:04:37.000Z",
|
|
|
|
"modified": "2017-06-16T11:04:37.000Z",
|
|
|
|
"first_observed": "2017-06-16T11:04:37Z",
|
|
|
|
"last_observed": "2017-06-16T11:04:37Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5942531d-f6e4-42b3-809c-48fc950d210f",
|
|
|
|
"ipv4-addr--5942531d-f6e4-42b3-809c-48fc950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5942531d-f6e4-42b3-809c-48fc950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5942531d-f6e4-42b3-809c-48fc950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5942531d-f6e4-42b3-809c-48fc950d210f",
|
|
|
|
"value": "81.169.145.74"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5942531d-f5a4-4628-a4a4-4398950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-16T11:04:37.000Z",
|
|
|
|
"modified": "2017-06-16T11:04:37.000Z",
|
|
|
|
"pattern": "[url:value = 'http://serajeadine.ir/734fhrfrre']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-16T11:04:37Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5942531e-64cc-405f-a20f-410e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-16T11:04:37.000Z",
|
|
|
|
"modified": "2017-06-16T11:04:37.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'serajeadine.ir']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-16T11:04:37Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5942531e-2a24-427a-b873-406f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-16T11:04:37.000Z",
|
|
|
|
"modified": "2017-06-16T11:04:37.000Z",
|
|
|
|
"first_observed": "2017-06-16T11:04:37Z",
|
|
|
|
"last_observed": "2017-06-16T11:04:37Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5942531e-2a24-427a-b873-406f950d210f",
|
|
|
|
"ipv4-addr--5942531e-2a24-427a-b873-406f950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5942531e-2a24-427a-b873-406f950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5942531e-2a24-427a-b873-406f950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5942531e-2a24-427a-b873-406f950d210f",
|
|
|
|
"value": "176.9.121.246"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5942531f-137c-42a0-8495-46b8950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-16T11:04:37.000Z",
|
|
|
|
"modified": "2017-06-16T11:04:37.000Z",
|
|
|
|
"pattern": "[url:value = 'http://songtinmungtinhyeu.org/734fhrfrre']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-16T11:04:37Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5942531f-5440-4fd1-9525-415a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-16T11:04:37.000Z",
|
|
|
|
"modified": "2017-06-16T11:04:37.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'songtinmungtinhyeu.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-16T11:04:37Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59425321-c584-4ce3-9de7-4ecd950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-16T11:04:37.000Z",
|
|
|
|
"modified": "2017-06-16T11:04:37.000Z",
|
|
|
|
"first_observed": "2017-06-16T11:04:37Z",
|
|
|
|
"last_observed": "2017-06-16T11:04:37Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59425321-c584-4ce3-9de7-4ecd950d210f",
|
|
|
|
"ipv4-addr--59425321-c584-4ce3-9de7-4ecd950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59425321-c584-4ce3-9de7-4ecd950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59425321-c584-4ce3-9de7-4ecd950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59425321-c584-4ce3-9de7-4ecd950d210f",
|
|
|
|
"value": "45.117.80.214"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59425322-f118-4850-b50d-4047950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-16T11:04:37.000Z",
|
|
|
|
"modified": "2017-06-16T11:04:37.000Z",
|
|
|
|
"pattern": "[url:value = 'http://speedgrow.com/734fhrfrre']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-16T11:04:37Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59425322-2798-4ff1-b8f5-4cbe950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-16T11:04:37.000Z",
|
|
|
|
"modified": "2017-06-16T11:04:37.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'speedgrow.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-16T11:04:37Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59425323-45f4-4008-8147-4dbe950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-16T11:04:37.000Z",
|
|
|
|
"modified": "2017-06-16T11:04:37.000Z",
|
|
|
|
"first_observed": "2017-06-16T11:04:37Z",
|
|
|
|
"last_observed": "2017-06-16T11:04:37Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59425323-45f4-4008-8147-4dbe950d210f",
|
|
|
|
"ipv4-addr--59425323-45f4-4008-8147-4dbe950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59425323-45f4-4008-8147-4dbe950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59425323-45f4-4008-8147-4dbe950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59425323-45f4-4008-8147-4dbe950d210f",
|
|
|
|
"value": "116.12.48.139"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59425324-d040-4556-9608-4653950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-16T11:04:37.000Z",
|
|
|
|
"modified": "2017-06-16T11:04:37.000Z",
|
|
|
|
"pattern": "[url:value = 'http://yuanhefruits.com/734fhrfrre']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-16T11:04:37Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59425325-008c-458d-a957-4e45950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-16T11:04:37.000Z",
|
|
|
|
"modified": "2017-06-16T11:04:37.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'yuanhefruits.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-16T11:04:37Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59425326-ae7c-4e26-9838-453d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-16T11:04:37.000Z",
|
|
|
|
"modified": "2017-06-16T11:04:37.000Z",
|
|
|
|
"first_observed": "2017-06-16T11:04:37Z",
|
|
|
|
"last_observed": "2017-06-16T11:04:37Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59425326-ae7c-4e26-9838-453d950d210f",
|
|
|
|
"ipv4-addr--59425326-ae7c-4e26-9838-453d950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59425326-ae7c-4e26-9838-453d950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59425326-ae7c-4e26-9838-453d950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59425326-ae7c-4e26-9838-453d950d210f",
|
|
|
|
"value": "45.32.216.171"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59425327-f080-4851-b6fc-423f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-16T11:04:37.000Z",
|
|
|
|
"modified": "2017-06-16T11:04:37.000Z",
|
|
|
|
"pattern": "[url:value = 'http://zebtex.com/734fhrfrre']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-16T11:04:37Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59425327-b210-4a85-850c-425a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-16T11:04:37.000Z",
|
|
|
|
"modified": "2017-06-16T11:04:37.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'zebtex.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-16T11:04:37Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59425328-30ac-4f9d-819c-4285950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-16T11:04:37.000Z",
|
|
|
|
"modified": "2017-06-16T11:04:37.000Z",
|
|
|
|
"first_observed": "2017-06-16T11:04:37Z",
|
|
|
|
"last_observed": "2017-06-16T11:04:37Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59425328-30ac-4f9d-819c-4285950d210f",
|
|
|
|
"ipv4-addr--59425328-30ac-4f9d-819c-4285950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59425328-30ac-4f9d-819c-4285950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59425328-30ac-4f9d-819c-4285950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59425328-30ac-4f9d-819c-4285950d210f",
|
|
|
|
"value": "208.91.198.105"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59425328-f588-45b2-85f1-4886950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-16T11:04:37.000Z",
|
|
|
|
"modified": "2017-06-16T11:04:37.000Z",
|
|
|
|
"pattern": "[url:value = 'http://toronadrouuyrt5wwf.com/a5/']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-16T11:04:37Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59425329-9074-494a-83a8-4fe6950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-16T11:04:37.000Z",
|
|
|
|
"modified": "2017-06-16T11:04:37.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'toronadrouuyrt5wwf.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-16T11:04:37Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5942532b-963c-45d1-a969-499a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-16T11:04:37.000Z",
|
|
|
|
"modified": "2017-06-16T11:04:37.000Z",
|
|
|
|
"first_observed": "2017-06-16T11:04:37Z",
|
|
|
|
"last_observed": "2017-06-16T11:04:37Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5942532b-963c-45d1-a969-499a950d210f",
|
|
|
|
"ipv4-addr--5942532b-963c-45d1-a969-499a950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5942532b-963c-45d1-a969-499a950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5942532b-963c-45d1-a969-499a950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5942532b-963c-45d1-a969-499a950d210f",
|
|
|
|
"value": "119.28.98.205"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5943bb60-c634-4bbb-a898-440102de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-16T11:05:04.000Z",
|
|
|
|
"modified": "2017-06-16T11:05:04.000Z",
|
|
|
|
"description": "- Xchecked via VT: 184a66091326a882fc4425cb9b40194c",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '135c71fda1624ba914f0e1cb7d6d769623f41b8bb08077b710c37b56351903f9']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-16T11:05:04Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5943bb60-9488-4159-85b4-401802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-16T11:05:04.000Z",
|
|
|
|
"modified": "2017-06-16T11:05:04.000Z",
|
|
|
|
"description": "- Xchecked via VT: 184a66091326a882fc4425cb9b40194c",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '4de7016ab381f9caa77c74525be30b2067024bf0']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-16T11:05:04Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5943bb61-5f8c-42d9-bf8e-4a8b02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-16T11:05:05.000Z",
|
|
|
|
"modified": "2017-06-16T11:05:05.000Z",
|
|
|
|
"first_observed": "2017-06-16T11:05:05Z",
|
|
|
|
"last_observed": "2017-06-16T11:05:05Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5943bb61-5f8c-42d9-bf8e-4a8b02de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5943bb61-5f8c-42d9-bf8e-4a8b02de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/135c71fda1624ba914f0e1cb7d6d769623f41b8bb08077b710c37b56351903f9/analysis/1497510333/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5943bb61-a8c8-4d76-9063-4fa202de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-16T11:05:05.000Z",
|
|
|
|
"modified": "2017-06-16T11:05:05.000Z",
|
|
|
|
"description": "- Xchecked via VT: dea5cd9dcf444d6107b14cabefbb1774",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'dd15ec17e469159196a0853bf14edb45a86054c71bc555e2cd0afc1c410917b2']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-16T11:05:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5943bb62-2d04-41ad-baff-499f02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-16T11:05:06.000Z",
|
|
|
|
"modified": "2017-06-16T11:05:06.000Z",
|
|
|
|
"description": "- Xchecked via VT: dea5cd9dcf444d6107b14cabefbb1774",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '69d5094172cc962acec44fcee4db19204a556009']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-16T11:05:06Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5943bb62-e370-4a6a-978d-487e02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-16T11:05:06.000Z",
|
|
|
|
"modified": "2017-06-16T11:05:06.000Z",
|
|
|
|
"first_observed": "2017-06-16T11:05:06Z",
|
|
|
|
"last_observed": "2017-06-16T11:05:06Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5943bb62-e370-4a6a-978d-487e02de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5943bb62-e370-4a6a-978d-487e02de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/dd15ec17e469159196a0853bf14edb45a86054c71bc555e2cd0afc1c410917b2/analysis/1497608873/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "marking-definition",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
|
|
"definition_type": "tlp",
|
|
|
|
"name": "TLP:WHITE",
|
|
|
|
"definition": {
|
|
|
|
"tlp": "white"
|
|
|
|
}
|
|
|
|
}
]
}