2023-04-21 13:25:09 +00:00
|
|
|
{
|
2023-06-14 17:31:25 +00:00
|
|
|
"type": "bundle",
|
|
|
|
"id": "bundle--5968d8bc-9874-4fc2-ab64-4d7c950d210f",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-07-14T18:54:53.000Z",
|
|
|
|
"modified": "2017-07-14T18:54:53.000Z",
|
|
|
|
"name": "CIRCL",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--5968d8bc-9874-4fc2-ab64-4d7c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-07-14T18:54:53.000Z",
|
|
|
|
"modified": "2017-07-14T18:54:53.000Z",
|
|
|
|
"name": "M2M - Encrypted Docx Campaign",
|
|
|
|
"published": "2017-07-14T18:54:58Z",
|
|
|
|
"object_refs": [
|
|
|
|
"indicator--5968d8bd-05a8-4ec7-89b8-4165950d210f",
|
|
|
|
"indicator--5968d8bd-ffa4-4c28-9679-4bb1950d210f",
|
|
|
|
"observed-data--5968d8bd-8680-43ba-a0ad-4dc7950d210f",
|
|
|
|
"url--5968d8bd-8680-43ba-a0ad-4dc7950d210f",
|
|
|
|
"observed-data--5968d8bd-88d4-4c37-be58-414c950d210f",
|
|
|
|
"network-traffic--5968d8bd-88d4-4c37-be58-414c950d210f",
|
|
|
|
"ipv4-addr--5968d8bd-88d4-4c37-be58-414c950d210f",
|
|
|
|
"indicator--5968d8be-36c8-467a-9030-4464950d210f",
|
|
|
|
"indicator--5968d8be-0d2c-42b2-91cd-41b2950d210f",
|
|
|
|
"observed-data--5968d8bf-c224-47c4-85b8-4bb2950d210f",
|
|
|
|
"network-traffic--5968d8bf-c224-47c4-85b8-4bb2950d210f",
|
|
|
|
"ipv4-addr--5968d8bf-c224-47c4-85b8-4bb2950d210f",
|
|
|
|
"indicator--5968d8bf-84dc-46f1-a964-4ec9950d210f",
|
|
|
|
"indicator--5968d8c0-5a28-4f0e-b4b2-482c950d210f",
|
|
|
|
"observed-data--5968d8c0-fa8c-4ffc-bf8e-41ad950d210f",
|
|
|
|
"network-traffic--5968d8c0-fa8c-4ffc-bf8e-41ad950d210f",
|
|
|
|
"ipv4-addr--5968d8c0-fa8c-4ffc-bf8e-41ad950d210f",
|
|
|
|
"observed-data--5968d8c1-bd08-4f73-af5d-455d950d210f",
|
|
|
|
"url--5968d8c1-bd08-4f73-af5d-455d950d210f",
|
|
|
|
"observed-data--5968d8c1-28b8-4121-8a19-4e98950d210f",
|
|
|
|
"domain-name--5968d8c1-28b8-4121-8a19-4e98950d210f",
|
|
|
|
"observed-data--5968d8c2-7bb8-47e6-ada7-43bd950d210f",
|
|
|
|
"network-traffic--5968d8c2-7bb8-47e6-ada7-43bd950d210f",
|
|
|
|
"ipv4-addr--5968d8c2-7bb8-47e6-ada7-43bd950d210f",
|
|
|
|
"indicator--5968d8c3-7e54-4c10-b74e-49cc950d210f",
|
|
|
|
"indicator--5968d8e1-0e68-4a7f-acca-4b52950d210f",
|
|
|
|
"indicator--5968d8e1-a2a4-4a02-aeff-47d0950d210f",
|
|
|
|
"indicator--5968d8e2-215c-4b33-a4a2-45de950d210f",
|
|
|
|
"indicator--5968d8e2-d4b4-4bda-b238-412f950d210f",
|
|
|
|
"indicator--5968d8e2-ede8-4033-9942-47ae950d210f",
|
|
|
|
"observed-data--5968d8e2-d07c-4a77-af2c-4d5d950d210f",
|
|
|
|
"network-traffic--5968d8e2-d07c-4a77-af2c-4d5d950d210f",
|
|
|
|
"ipv4-addr--5968d8e2-d07c-4a77-af2c-4d5d950d210f",
|
|
|
|
"indicator--5968d8e3-4cec-47da-ba4f-4eee950d210f",
|
|
|
|
"indicator--5968d901-6b24-4a70-84c1-4e3b950d210f",
|
|
|
|
"indicator--5968d901-d2ac-4af7-8970-44d9950d210f",
|
|
|
|
"indicator--5968d901-3c50-4b56-b6cc-426d950d210f",
|
|
|
|
"indicator--5968dbca-1a2c-49d3-a3d8-46f802de0b81",
|
|
|
|
"indicator--5968dbca-ab5c-417b-b9df-452a02de0b81",
|
|
|
|
"observed-data--5968dbca-fb74-4987-af9f-45b602de0b81",
|
|
|
|
"url--5968dbca-fb74-4987-af9f-45b602de0b81",
|
|
|
|
"indicator--5968dbca-5744-4b5f-b3ea-4f2202de0b81",
|
|
|
|
"indicator--5968dbca-48d4-413d-ba9f-4cfe02de0b81",
|
|
|
|
"observed-data--5968dbca-a24c-4515-b49a-450e02de0b81",
|
|
|
|
"url--5968dbca-a24c-4515-b49a-450e02de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\""
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5968d8bd-05a8-4ec7-89b8-4165950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-07-14T14:57:14.000Z",
|
|
|
|
"modified": "2017-07-14T14:57:14.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '031cbd2f5c2ec443c7f3957cd98666f2']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-07-14T14:57:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5968d8bd-ffa4-4c28-9679-4bb1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-07-14T14:57:14.000Z",
|
|
|
|
"modified": "2017-07-14T14:57:14.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '5d688046d113f85481eb28dd1617f4c8']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-07-14T14:57:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5968d8bd-8680-43ba-a0ad-4dc7950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-07-14T14:57:14.000Z",
|
|
|
|
"modified": "2017-07-14T14:57:14.000Z",
|
|
|
|
"first_observed": "2017-07-14T14:57:14Z",
|
|
|
|
"last_observed": "2017-07-14T14:57:14Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5968d8bd-8680-43ba-a0ad-4dc7950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5968d8bd-8680-43ba-a0ad-4dc7950d210f",
|
|
|
|
"value": "http://46.17.40.142/45.txt"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5968d8bd-88d4-4c37-be58-414c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-07-14T14:57:14.000Z",
|
|
|
|
"modified": "2017-07-14T14:57:14.000Z",
|
|
|
|
"first_observed": "2017-07-14T14:57:14Z",
|
|
|
|
"last_observed": "2017-07-14T14:57:14Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5968d8bd-88d4-4c37-be58-414c950d210f",
|
|
|
|
"ipv4-addr--5968d8bd-88d4-4c37-be58-414c950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5968d8bd-88d4-4c37-be58-414c950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5968d8bd-88d4-4c37-be58-414c950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5968d8bd-88d4-4c37-be58-414c950d210f",
|
|
|
|
"value": "46.17.40.142"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5968d8be-36c8-467a-9030-4464950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-07-14T14:57:14.000Z",
|
|
|
|
"modified": "2017-07-14T14:57:14.000Z",
|
|
|
|
"pattern": "[url:value = 'http://www.afripaper.co.za/Readme.txt']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-07-14T14:57:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5968d8be-0d2c-42b2-91cd-41b2950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-07-14T14:57:14.000Z",
|
|
|
|
"modified": "2017-07-14T14:57:14.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'www.afripaper.co.za']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-07-14T14:57:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5968d8bf-c224-47c4-85b8-4bb2950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-07-14T14:57:14.000Z",
|
|
|
|
"modified": "2017-07-14T14:57:14.000Z",
|
|
|
|
"first_observed": "2017-07-14T14:57:14Z",
|
|
|
|
"last_observed": "2017-07-14T14:57:14Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5968d8bf-c224-47c4-85b8-4bb2950d210f",
|
|
|
|
"ipv4-addr--5968d8bf-c224-47c4-85b8-4bb2950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5968d8bf-c224-47c4-85b8-4bb2950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5968d8bf-c224-47c4-85b8-4bb2950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5968d8bf-c224-47c4-85b8-4bb2950d210f",
|
|
|
|
"value": "41.76.209.200"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5968d8bf-84dc-46f1-a964-4ec9950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-07-14T14:57:14.000Z",
|
|
|
|
"modified": "2017-07-14T14:57:14.000Z",
|
|
|
|
"pattern": "[url:value = 'http://vreken.co.za/php.txt']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-07-14T14:57:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5968d8c0-5a28-4f0e-b4b2-482c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-07-14T14:57:14.000Z",
|
|
|
|
"modified": "2017-07-14T14:57:14.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'vreken.co.za']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-07-14T14:57:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5968d8c0-fa8c-4ffc-bf8e-41ad950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-07-14T14:57:14.000Z",
|
|
|
|
"modified": "2017-07-14T14:57:14.000Z",
|
|
|
|
"first_observed": "2017-07-14T14:57:14Z",
|
|
|
|
"last_observed": "2017-07-14T14:57:14Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5968d8c0-fa8c-4ffc-bf8e-41ad950d210f",
|
|
|
|
"ipv4-addr--5968d8c0-fa8c-4ffc-bf8e-41ad950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5968d8c0-fa8c-4ffc-bf8e-41ad950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5968d8c0-fa8c-4ffc-bf8e-41ad950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5968d8c0-fa8c-4ffc-bf8e-41ad950d210f",
|
|
|
|
"value": "85.10.213.74"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5968d8c1-bd08-4f73-af5d-455d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-07-14T18:54:42.000Z",
|
|
|
|
"modified": "2017-07-14T18:54:42.000Z",
|
|
|
|
"first_observed": "2017-07-14T18:54:42Z",
|
|
|
|
"last_observed": "2017-07-14T18:54:42Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5968d8c1-bd08-4f73-af5d-455d950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5968d8c1-bd08-4f73-af5d-455d950d210f",
|
|
|
|
"value": "http://www.php.net/license/3_0.txt"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5968d8c1-28b8-4121-8a19-4e98950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-07-14T18:53:34.000Z",
|
|
|
|
"modified": "2017-07-14T18:53:34.000Z",
|
|
|
|
"first_observed": "2017-07-14T18:53:34Z",
|
|
|
|
"last_observed": "2017-07-14T18:53:34Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"domain-name--5968d8c1-28b8-4121-8a19-4e98950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "domain-name",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "domain-name--5968d8c1-28b8-4121-8a19-4e98950d210f",
|
|
|
|
"value": "www.php.net"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5968d8c2-7bb8-47e6-ada7-43bd950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-07-14T14:57:14.000Z",
|
|
|
|
"modified": "2017-07-14T14:57:14.000Z",
|
|
|
|
"first_observed": "2017-07-14T14:57:14Z",
|
|
|
|
"last_observed": "2017-07-14T14:57:14Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5968d8c2-7bb8-47e6-ada7-43bd950d210f",
|
|
|
|
"ipv4-addr--5968d8c2-7bb8-47e6-ada7-43bd950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5968d8c2-7bb8-47e6-ada7-43bd950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5968d8c2-7bb8-47e6-ada7-43bd950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5968d8c2-7bb8-47e6-ada7-43bd950d210f",
|
|
|
|
"value": "72.52.91.14"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5968d8c3-7e54-4c10-b74e-49cc950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-07-14T14:57:14.000Z",
|
|
|
|
"modified": "2017-07-14T14:57:14.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'theindividualsa.ru']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-07-14T14:57:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5968d8e1-0e68-4a7f-acca-4b52950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-07-14T14:57:14.000Z",
|
|
|
|
"modified": "2017-07-14T14:57:14.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'phpbehalfasayingengright.ru']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-07-14T14:57:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5968d8e1-a2a4-4a02-aeff-47d0950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-07-14T14:57:14.000Z",
|
|
|
|
"modified": "2017-07-14T14:57:14.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'andpromoteaphpvoluntary.ru']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-07-14T14:57:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5968d8e2-215c-4b33-a4a2-45de950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-07-14T14:57:14.000Z",
|
|
|
|
"modified": "2017-07-14T14:57:14.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'andthefollowing.ru']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-07-14T14:57:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5968d8e2-d4b4-4bda-b238-412f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-07-14T14:57:14.000Z",
|
|
|
|
"modified": "2017-07-14T14:57:14.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'pleasetheliable.ru']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-07-14T14:57:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5968d8e2-ede8-4033-9942-47ae950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-07-14T14:57:14.000Z",
|
|
|
|
"modified": "2017-07-14T14:57:14.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'developmentfstrict.ru']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-07-14T14:57:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5968d8e2-d07c-4a77-af2c-4d5d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-07-14T14:57:14.000Z",
|
|
|
|
"modified": "2017-07-14T14:57:14.000Z",
|
|
|
|
"first_observed": "2017-07-14T14:57:14Z",
|
|
|
|
"last_observed": "2017-07-14T14:57:14Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5968d8e2-d07c-4a77-af2c-4d5d950d210f",
|
|
|
|
"ipv4-addr--5968d8e2-d07c-4a77-af2c-4d5d950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5968d8e2-d07c-4a77-af2c-4d5d950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5968d8e2-d07c-4a77-af2c-4d5d950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5968d8e2-d07c-4a77-af2c-4d5d950d210f",
|
|
|
|
"value": "87.106.18.141"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5968d8e3-4cec-47da-ba4f-4eee950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-07-14T14:57:14.000Z",
|
|
|
|
"modified": "2017-07-14T14:57:14.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'yotherwiseforms.ru']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-07-14T14:57:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5968d901-6b24-4a70-84c1-4e3b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-07-14T14:57:14.000Z",
|
|
|
|
"modified": "2017-07-14T14:57:14.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'termswrittennew.ru']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-07-14T14:57:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5968d901-d2ac-4af7-8970-44d9950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-07-14T14:57:14.000Z",
|
|
|
|
"modified": "2017-07-14T14:57:14.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'incidentalarizend.ru']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-07-14T14:57:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5968d901-3c50-4b56-b6cc-426d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-07-14T14:57:14.000Z",
|
|
|
|
"modified": "2017-07-14T14:57:14.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'disclaimersource.ru']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-07-14T14:57:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5968dbca-1a2c-49d3-a3d8-46f802de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-07-14T14:57:14.000Z",
|
|
|
|
"modified": "2017-07-14T14:57:14.000Z",
|
|
|
|
"description": "- Xchecked via VT: 031cbd2f5c2ec443c7f3957cd98666f2",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '68dab0f3405c9e72014912dce2e9fb136d217ce7c1d8c290100b72bf575f8e86']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-07-14T14:57:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5968dbca-ab5c-417b-b9df-452a02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-07-14T14:57:14.000Z",
|
|
|
|
"modified": "2017-07-14T14:57:14.000Z",
|
|
|
|
"description": "- Xchecked via VT: 031cbd2f5c2ec443c7f3957cd98666f2",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '6ad2f8a07c6f460cd90a800f2ab439d355644be7']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-07-14T14:57:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5968dbca-fb74-4987-af9f-45b602de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-07-14T14:57:14.000Z",
|
|
|
|
"modified": "2017-07-14T14:57:14.000Z",
|
|
|
|
"first_observed": "2017-07-14T14:57:14Z",
|
|
|
|
"last_observed": "2017-07-14T14:57:14Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5968dbca-fb74-4987-af9f-45b602de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5968dbca-fb74-4987-af9f-45b602de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/68dab0f3405c9e72014912dce2e9fb136d217ce7c1d8c290100b72bf575f8e86/analysis/1499950427/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5968dbca-5744-4b5f-b3ea-4f2202de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-07-14T14:57:14.000Z",
|
|
|
|
"modified": "2017-07-14T14:57:14.000Z",
|
|
|
|
"description": "- Xchecked via VT: 5d688046d113f85481eb28dd1617f4c8",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'e3d5b9a0cd383d8935e967354229ef3535f8af55c18386bd54661b6448989a2b']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-07-14T14:57:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5968dbca-48d4-413d-ba9f-4cfe02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-07-14T14:57:14.000Z",
|
|
|
|
"modified": "2017-07-14T14:57:14.000Z",
|
|
|
|
"description": "- Xchecked via VT: 5d688046d113f85481eb28dd1617f4c8",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '43cfb4ea8f6a1bb049f94653aa89d462b19ead04']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-07-14T14:57:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5968dbca-a24c-4515-b49a-450e02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-07-14T14:57:14.000Z",
|
|
|
|
"modified": "2017-07-14T14:57:14.000Z",
|
|
|
|
"first_observed": "2017-07-14T14:57:14Z",
|
|
|
|
"last_observed": "2017-07-14T14:57:14Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5968dbca-a24c-4515-b49a-450e02de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5968dbca-a24c-4515-b49a-450e02de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/e3d5b9a0cd383d8935e967354229ef3535f8af55c18386bd54661b6448989a2b/analysis/1500007097/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "marking-definition",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
|
|
"definition_type": "tlp",
|
|
|
|
"name": "TLP:WHITE",
|
|
|
|
"definition": {
|
|
|
|
"tlp": "white"
|
|
|
|
}
|
|
|
|
}
|
2023-04-21 13:25:09 +00:00
|
|
|
]
|
|
|
|
}
|