adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/59b6a0c8-ed80-4d1a-8693-4551950d210f.json

3609 lines
142 KiB
JSON
Raw Normal View History

chg: [feed] added
2023-04-21 13:25:09 +00:00
{
chg: [feed] feed updated
2023-06-14 17:31:25 +00:00
"type": "bundle",
"id": "bundle--59b6a0c8-ed80-4d1a-8693-4551950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:45:31.000Z",
"modified": "2017-09-11T14:45:31.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--59b6a0c8-ed80-4d1a-8693-4551950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:45:31.000Z",
"modified": "2017-09-11T14:45:31.000Z",
"name": "M2M - Malspam 2017-09-11 \"Email Invoice Requested\"",
"published": "2017-09-11T14:45:41Z",
"object_refs": [
"indicator--59b6a0c8-4d1c-4095-8d53-4d84950d210f",
"indicator--59b6a0c8-31c4-4cfe-8ac9-4e50950d210f",
"indicator--59b6a0c9-4330-4e20-be0d-4251950d210f",
"indicator--59b6a0c9-14f4-4295-8453-420b950d210f",
"indicator--59b6a0c9-ecf8-444f-95ef-4433950d210f",
"observed-data--59b6a0ca-30c8-4356-ab1b-4e98950d210f",
"network-traffic--59b6a0ca-30c8-4356-ab1b-4e98950d210f",
"ipv4-addr--59b6a0ca-30c8-4356-ab1b-4e98950d210f",
"indicator--59b6a0ca-e1cc-4527-a3e3-4133950d210f",
"indicator--59b6a0ca-0324-4a60-b382-4d35950d210f",
"observed-data--59b6a0ca-f8a0-4aaf-89ef-4f8b950d210f",
"network-traffic--59b6a0ca-f8a0-4aaf-89ef-4f8b950d210f",
"ipv4-addr--59b6a0ca-f8a0-4aaf-89ef-4f8b950d210f",
"indicator--59b6a0ca-777c-4991-8c6c-455a950d210f",
"indicator--59b6a0cb-60c8-4f86-8431-48da950d210f",
"observed-data--59b6a0cb-bfa0-46c6-b073-4732950d210f",
"network-traffic--59b6a0cb-bfa0-46c6-b073-4732950d210f",
"ipv4-addr--59b6a0cb-bfa0-46c6-b073-4732950d210f",
"indicator--59b6a0cb-2614-4ff0-be35-45ba950d210f",
"indicator--59b6a0cc-8c68-4fe6-8340-4630950d210f",
"indicator--59b6a0cc-dfd0-4134-bad7-fc5a950d210f",
"indicator--59b6a0cd-1604-41c5-b644-4856950d210f",
"observed-data--59b6a0cd-de90-4961-a7bb-4f85950d210f",
"network-traffic--59b6a0cd-de90-4961-a7bb-4f85950d210f",
"ipv4-addr--59b6a0cd-de90-4961-a7bb-4f85950d210f",
"indicator--59b6a0cd-e25c-47ea-bb21-4634950d210f",
"indicator--59b6a0cd-e230-470f-8245-4df3950d210f",
"observed-data--59b6a0ce-5bc8-4564-83c5-4921950d210f",
"network-traffic--59b6a0ce-5bc8-4564-83c5-4921950d210f",
"ipv4-addr--59b6a0ce-5bc8-4564-83c5-4921950d210f",
"indicator--59b6a0ce-3348-4d6f-afab-4751950d210f",
"indicator--59b6a0ce-b48c-4612-aa7c-4aa5950d210f",
"indicator--59b6a0cf-094c-4e99-afbd-4cee950d210f",
"indicator--59b6a0cf-4e14-44d9-9fbb-fc5a950d210f",
"indicator--59b6a0cf-ade8-4e24-86fc-4ab6950d210f",
"indicator--59b6a0cf-1798-4e79-b4d6-40d3950d210f",
"indicator--59b6a0d0-0fe4-4e59-81a2-4399950d210f",
"indicator--59b6a0d0-a41c-444f-ad94-4b2e950d210f",
"indicator--59b6a0d0-2010-4efd-a111-4df1950d210f",
"indicator--59b6a0d1-b184-4081-a883-4e01950d210f",
"observed-data--59b6a0d1-6488-48cd-b879-4dd4950d210f",
"network-traffic--59b6a0d1-6488-48cd-b879-4dd4950d210f",
"ipv4-addr--59b6a0d1-6488-48cd-b879-4dd4950d210f",
"indicator--59b6a0d1-504c-4ef1-8a3b-46f6950d210f",
"indicator--59b6a0d1-6e68-41eb-837d-4543950d210f",
"indicator--59b6a0d2-ca20-4b80-b51d-437d950d210f",
"indicator--59b6a0d2-cea0-4524-ad2f-468c950d210f",
"indicator--59b6a0d2-aac8-4ac2-a78c-4c7a950d210f",
"indicator--59b6a0d3-27b0-478a-9b34-4938950d210f",
"indicator--59b6a0d3-1844-477e-960c-4d9e950d210f",
"indicator--59b6a0d3-4768-4a4c-bc34-4661950d210f",
"indicator--59b6a0d3-3e28-4bf8-b59a-478b950d210f",
"indicator--59b6a0d4-c908-4c9b-8269-4996950d210f",
"indicator--59b6a0d5-a2f8-49e2-9d44-4f5d950d210f",
"indicator--59b6a0d5-996c-4d96-9187-4446950d210f",
"indicator--59b6a0d5-179c-43ce-8b15-4925950d210f",
"indicator--59b6a0d5-ea8c-4e72-a592-497b950d210f",
"indicator--59b6a0d6-4a00-4421-a69a-4900950d210f",
"indicator--59b6a0d6-d464-47ad-8528-4a17950d210f",
"observed-data--59b6a0d7-4118-46e4-b6d8-450c950d210f",
"network-traffic--59b6a0d7-4118-46e4-b6d8-450c950d210f",
"ipv4-addr--59b6a0d7-4118-46e4-b6d8-450c950d210f",
"indicator--59b6a0d7-dcb4-40c1-8bb5-45d1950d210f",
"indicator--59b6a0d7-840c-4206-9d05-4373950d210f",
"indicator--59b6a0d7-ffb4-446e-a3db-4804950d210f",
"indicator--59b6a0d7-a91c-4b57-b40f-43d7950d210f",
"observed-data--59b6a0d8-44c0-46db-96c7-47e0950d210f",
"network-traffic--59b6a0d8-44c0-46db-96c7-47e0950d210f",
"ipv4-addr--59b6a0d8-44c0-46db-96c7-47e0950d210f",
"indicator--59b6a0d8-313c-4379-85d1-449e950d210f",
"indicator--59b6a0d8-f374-4112-ae52-4db0950d210f",
"observed-data--59b6a0d8-0d14-49df-9398-457c950d210f",
"network-traffic--59b6a0d8-0d14-49df-9398-457c950d210f",
"ipv4-addr--59b6a0d8-0d14-49df-9398-457c950d210f",
"indicator--59b6a0d9-c9ec-4db2-8fe4-43bc950d210f",
"indicator--59b6a0d9-4a08-4ed3-8d3d-49d7950d210f",
"observed-data--59b6a0d9-f21c-4f54-ba95-4801950d210f",
"network-traffic--59b6a0d9-f21c-4f54-ba95-4801950d210f",
"ipv4-addr--59b6a0d9-f21c-4f54-ba95-4801950d210f",
"indicator--59b6a0d9-5800-49b8-a329-47fc950d210f",
"indicator--59b6a0d9-25f0-4b07-94fb-4f8d950d210f",
"indicator--59b6a0da-ece4-46a9-bee9-4567950d210f",
"indicator--59b6a0da-218c-4dd0-a37c-4467950d210f",
"indicator--59b6a0da-7224-40ba-a138-4101950d210f",
"indicator--59b6a0db-f858-4efa-85c3-414a950d210f",
"observed-data--59b6a0db-24e0-4a1f-9c49-4dd1950d210f",
"network-traffic--59b6a0db-24e0-4a1f-9c49-4dd1950d210f",
"ipv4-addr--59b6a0db-24e0-4a1f-9c49-4dd1950d210f",
"indicator--59b6a0db-bb48-4fa0-b787-405c950d210f",
"indicator--59b6a0db-aa78-4a68-8c2f-44ee950d210f",
"indicator--59b6a0dc-8e58-4e24-82b1-4356950d210f",
"indicator--59b6a0dc-a0e0-4932-8ed0-4e51950d210f",
"observed-data--59b6a0dc-ec6c-43ea-bc9f-474b950d210f",
"network-traffic--59b6a0dc-ec6c-43ea-bc9f-474b950d210f",
"ipv4-addr--59b6a0dc-ec6c-43ea-bc9f-474b950d210f",
"indicator--59b6a0dc-d618-4f65-8155-4946950d210f",
"indicator--59b6a0dd-8198-40fb-926e-fc5a950d210f",
"indicator--59b6a0dd-789c-41e8-960d-452b950d210f",
"indicator--59b6a0dd-94c0-473e-b353-4115950d210f",
"indicator--59b6a0de-89a4-4ef4-aee9-4654950d210f",
"indicator--59b6a0de-491c-4cef-bcd5-49c1950d210f",
"indicator--59b6a0df-e08c-4675-af62-4dd9950d210f",
"indicator--59b6a0df-f4b8-4afc-9af1-fc5a950d210f",
"indicator--59b6a0df-b060-4fc5-bdf7-41fb950d210f",
"indicator--59b6a0df-4e6c-4cf4-89e1-47eb950d210f",
"indicator--59b6a0e0-bac0-40e0-896f-4310950d210f",
"indicator--59b6a0e0-cf3c-4b2f-a9a0-4c76950d210f",
"indicator--59b6a0e0-df78-4e27-aeff-4566950d210f",
"indicator--59b6a0e0-578c-4f5c-b96b-4123950d210f",
"indicator--59b6a0e1-3a3c-46f1-bbf6-47ad950d210f",
"indicator--59b6a0e1-352c-49c0-b4f2-4836950d210f",
"indicator--59b6a0e2-ad14-4539-8b8a-4926950d210f",
"indicator--59b6a0e2-4194-4589-9e25-4309950d210f",
"indicator--59b6a0e2-4314-4f08-b111-4378950d210f",
"indicator--59b6a0e3-7d38-4f81-b69d-4efc950d210f",
"indicator--59b6a0e3-8f50-4d86-9f27-4ee7950d210f",
"indicator--59b6a0e3-38b8-48a3-aaf3-409c950d210f",
"indicator--59b6a0e3-229c-4cae-9a37-49a2950d210f",
"indicator--59b6a0e4-6a64-40a8-bef9-4ec4950d210f",
"observed-data--59b6a0e4-ba90-4c39-8f0f-4fbd950d210f",
"network-traffic--59b6a0e4-ba90-4c39-8f0f-4fbd950d210f",
"ipv4-addr--59b6a0e4-ba90-4c39-8f0f-4fbd950d210f",
"indicator--59b6a0e4-361c-4c7b-881e-4f71950d210f",
"indicator--59b6a0e4-5a2c-4651-b824-420a950d210f",
"indicator--59b6a0e5-2dd0-4983-8f0d-47e0950d210f",
"indicator--59b6a0e5-ec10-4f6c-958b-410b950d210f",
"indicator--59b6a0e5-3da0-4036-9cfa-424c950d210f",
"indicator--59b6a0e6-d2c0-44f8-9f1d-fc5a950d210f",
"observed-data--59b6a0e6-3bb0-473e-801e-4d9e950d210f",
"network-traffic--59b6a0e6-3bb0-473e-801e-4d9e950d210f",
"ipv4-addr--59b6a0e6-3bb0-473e-801e-4d9e950d210f",
"indicator--59b6a0e6-b9c8-45b0-98c4-4077950d210f",
"indicator--59b6a0e7-9dfc-43db-b96b-4961950d210f",
"observed-data--59b6a0e7-444c-4a19-94f3-4004950d210f",
"network-traffic--59b6a0e7-444c-4a19-94f3-4004950d210f",
"ipv4-addr--59b6a0e7-444c-4a19-94f3-4004950d210f",
"indicator--59b6a0e7-f7fc-4ba2-acaa-40c2950d210f",
"indicator--59b6a0e7-0a90-43bb-b195-47ed950d210f",
"observed-data--59b6a0e8-2b18-43c7-beec-49f9950d210f",
"network-traffic--59b6a0e8-2b18-43c7-beec-49f9950d210f",
"ipv4-addr--59b6a0e8-2b18-43c7-beec-49f9950d210f",
"observed-data--59b6a0e8-df70-413c-bf5d-4038950d210f",
"url--59b6a0e8-df70-413c-bf5d-4038950d210f",
"observed-data--59b6a0e9-b694-463b-982f-fc5a950d210f",
"network-traffic--59b6a0e9-b694-463b-982f-fc5a950d210f",
"ipv4-addr--59b6a0e9-b694-463b-982f-fc5a950d210f",
"observed-data--59b6a0e9-faf0-47cd-8fce-408a950d210f",
"url--59b6a0e9-faf0-47cd-8fce-408a950d210f",
"observed-data--59b6a0e9-c660-46cf-ba0c-40c3950d210f",
"network-traffic--59b6a0e9-c660-46cf-ba0c-40c3950d210f",
"ipv4-addr--59b6a0e9-c660-46cf-ba0c-40c3950d210f",
"indicator--59b6a0e9-8a6c-4da4-8071-4776950d210f",
"indicator--59b6a0e9-1ae0-4629-a9ac-456e950d210f",
"indicator--59b6a0ea-d034-493e-9f02-43d2950d210f",
"indicator--59b6a0ea-8b50-439f-b3dc-421a950d210f",
"indicator--59b6a0ea-db5c-45e6-95e6-4fe9950d210f",
"indicator--59b6a0ea-5360-4b1a-9c87-41be950d210f",
"indicator--59b6a0eb-efe0-487a-89d8-477e950d210f",
"indicator--59b6a0eb-e9e8-44ea-89dc-4e48950d210f",
"indicator--59b6a0eb-0880-4327-baa2-40dc950d210f",
"indicator--59b6a0eb-a70c-4a23-af70-432c950d210f",
"indicator--59b6a0eb-9cec-4666-8785-4290950d210f",
"indicator--59b6a0ec-03f0-493f-8daf-4ac2950d210f",
"observed-data--59b6a0ec-769c-4be2-b54d-48c1950d210f",
"network-traffic--59b6a0ec-769c-4be2-b54d-48c1950d210f",
"ipv4-addr--59b6a0ec-769c-4be2-b54d-48c1950d210f",
"indicator--59b6a0ec-424c-407d-80ac-49a6950d210f",
"indicator--59b6a0ec-bcb0-40d8-af8b-461a950d210f",
"indicator--59b6a0ec-6cf4-451f-b949-43fa950d210f",
"indicator--59b6a0ed-aa4c-4b1a-8729-4535950d210f",
"indicator--59b6a0ed-67b4-48d3-9a61-4781950d210f",
"indicator--59b6a0ed-3d3c-470e-accb-fc5a950d210f",
"indicator--59b6a0ed-c0c0-45a4-8dec-4a6b950d210f",
"indicator--59b6a0ee-f498-4980-8420-4941950d210f",
"indicator--59b6a0ee-043c-4aae-be8a-4f5d950d210f",
"indicator--59b6a0ee-a400-4701-a612-44a6950d210f",
"indicator--59b6a0ef-0140-44c4-85bd-401f950d210f",
"indicator--59b6a0ef-1634-4dc4-9471-42fa950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:ransomware=\"Locky\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0c8-4d1c-4095-8d53-4d84950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:16.000Z",
"modified": "2017-09-11T14:42:16.000Z",
"pattern": "[file:hashes.MD5 = 'd4b05d9ecb82761df4b1e997c225c216']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0c8-31c4-4cfe-8ac9-4e50950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:16.000Z",
"modified": "2017-09-11T14:42:16.000Z",
"pattern": "[file:hashes.MD5 = '6a9181b6e3cb369bdca58c1b98353fa7']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0c9-4330-4e20-be0d-4251950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:17.000Z",
"modified": "2017-09-11T14:42:17.000Z",
"pattern": "[file:hashes.MD5 = 'fb349ce628eadfd3e56f0bc8f8db6947']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0c9-14f4-4295-8453-420b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:17.000Z",
"modified": "2017-09-11T14:42:17.000Z",
"pattern": "[url:value = 'http://1.babybrain.ru/w/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0c9-ecf8-444f-95ef-4433950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:17.000Z",
"modified": "2017-09-11T14:42:17.000Z",
"pattern": "[domain-name:value = '1.babybrain.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:17Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59b6a0ca-30c8-4356-ab1b-4e98950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:18.000Z",
"modified": "2017-09-11T14:42:18.000Z",
"first_observed": "2017-09-11T14:42:18Z",
"last_observed": "2017-09-11T14:42:18Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59b6a0ca-30c8-4356-ab1b-4e98950d210f",
"ipv4-addr--59b6a0ca-30c8-4356-ab1b-4e98950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59b6a0ca-30c8-4356-ab1b-4e98950d210f",
"dst_ref": "ipv4-addr--59b6a0ca-30c8-4356-ab1b-4e98950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59b6a0ca-30c8-4356-ab1b-4e98950d210f",
"value": "81.177.139.92"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0ca-e1cc-4527-a3e3-4133950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:18.000Z",
"modified": "2017-09-11T14:42:18.000Z",
"pattern": "[url:value = 'http://ar777.ru/w/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0ca-0324-4a60-b382-4d35950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:18.000Z",
"modified": "2017-09-11T14:42:18.000Z",
"pattern": "[domain-name:value = 'ar777.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59b6a0ca-f8a0-4aaf-89ef-4f8b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:18.000Z",
"modified": "2017-09-11T14:42:18.000Z",
"first_observed": "2017-09-11T14:42:18Z",
"last_observed": "2017-09-11T14:42:18Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59b6a0ca-f8a0-4aaf-89ef-4f8b950d210f",
"ipv4-addr--59b6a0ca-f8a0-4aaf-89ef-4f8b950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59b6a0ca-f8a0-4aaf-89ef-4f8b950d210f",
"dst_ref": "ipv4-addr--59b6a0ca-f8a0-4aaf-89ef-4f8b950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59b6a0ca-f8a0-4aaf-89ef-4f8b950d210f",
"value": "151.248.118.201"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0ca-777c-4991-8c6c-455a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:18.000Z",
"modified": "2017-09-11T14:42:18.000Z",
"pattern": "[url:value = 'http://atm-digital.ru/w/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0cb-60c8-4f86-8431-48da950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:19.000Z",
"modified": "2017-09-11T14:42:19.000Z",
"pattern": "[domain-name:value = 'atm-digital.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59b6a0cb-bfa0-46c6-b073-4732950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:19.000Z",
"modified": "2017-09-11T14:42:19.000Z",
"first_observed": "2017-09-11T14:42:19Z",
"last_observed": "2017-09-11T14:42:19Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59b6a0cb-bfa0-46c6-b073-4732950d210f",
"ipv4-addr--59b6a0cb-bfa0-46c6-b073-4732950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59b6a0cb-bfa0-46c6-b073-4732950d210f",
"dst_ref": "ipv4-addr--59b6a0cb-bfa0-46c6-b073-4732950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59b6a0cb-bfa0-46c6-b073-4732950d210f",
"value": "188.225.77.99"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0cb-2614-4ff0-be35-45ba950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:19.000Z",
"modified": "2017-09-11T14:42:19.000Z",
"pattern": "[url:value = 'http://avtomir2.rbs62.ru/w/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0cc-8c68-4fe6-8340-4630950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:20.000Z",
"modified": "2017-09-11T14:42:20.000Z",
"pattern": "[domain-name:value = 'avtomir2.rbs62.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0cc-dfd0-4134-bad7-fc5a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:20.000Z",
"modified": "2017-09-11T14:42:20.000Z",
"pattern": "[url:value = 'http://bestclines.1234max.com/w/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0cd-1604-41c5-b644-4856950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:21.000Z",
"modified": "2017-09-11T14:42:21.000Z",
"pattern": "[domain-name:value = 'bestclines.1234max.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59b6a0cd-de90-4961-a7bb-4f85950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:21.000Z",
"modified": "2017-09-11T14:42:21.000Z",
"first_observed": "2017-09-11T14:42:21Z",
"last_observed": "2017-09-11T14:42:21Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59b6a0cd-de90-4961-a7bb-4f85950d210f",
"ipv4-addr--59b6a0cd-de90-4961-a7bb-4f85950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59b6a0cd-de90-4961-a7bb-4f85950d210f",
"dst_ref": "ipv4-addr--59b6a0cd-de90-4961-a7bb-4f85950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59b6a0cd-de90-4961-a7bb-4f85950d210f",
"value": "5.189.167.10"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0cd-e25c-47ea-bb21-4634950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:21.000Z",
"modified": "2017-09-11T14:42:21.000Z",
"pattern": "[url:value = 'http://biohazard.net-live.ru/w/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0cd-e230-470f-8245-4df3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:21.000Z",
"modified": "2017-09-11T14:42:21.000Z",
"pattern": "[domain-name:value = 'biohazard.net-live.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:21Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59b6a0ce-5bc8-4564-83c5-4921950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:22.000Z",
"modified": "2017-09-11T14:42:22.000Z",
"first_observed": "2017-09-11T14:42:22Z",
"last_observed": "2017-09-11T14:42:22Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59b6a0ce-5bc8-4564-83c5-4921950d210f",
"ipv4-addr--59b6a0ce-5bc8-4564-83c5-4921950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59b6a0ce-5bc8-4564-83c5-4921950d210f",
"dst_ref": "ipv4-addr--59b6a0ce-5bc8-4564-83c5-4921950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59b6a0ce-5bc8-4564-83c5-4921950d210f",
"value": "188.244.34.63"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0ce-3348-4d6f-afab-4751950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:22.000Z",
"modified": "2017-09-11T14:42:22.000Z",
"pattern": "[url:value = 'http://bip32.1234max.com/w/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0ce-b48c-4612-aa7c-4aa5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:22.000Z",
"modified": "2017-09-11T14:42:22.000Z",
"pattern": "[domain-name:value = 'bip32.1234max.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:22Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0cf-094c-4e99-afbd-4cee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:23.000Z",
"modified": "2017-09-11T14:42:23.000Z",
"pattern": "[url:value = 'http://civ.net-live.ru/w/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0cf-4e14-44d9-9fbb-fc5a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:23.000Z",
"modified": "2017-09-11T14:42:23.000Z",
"pattern": "[domain-name:value = 'civ.net-live.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0cf-ade8-4e24-86fc-4ab6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:23.000Z",
"modified": "2017-09-11T14:42:23.000Z",
"pattern": "[url:value = 'http://cyberline-tech.ru/w/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0cf-1798-4e79-b4d6-40d3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:23.000Z",
"modified": "2017-09-11T14:42:23.000Z",
"pattern": "[domain-name:value = 'cyberline-tech.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:23Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0d0-0fe4-4e59-81a2-4399950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:24.000Z",
"modified": "2017-09-11T14:42:24.000Z",
"pattern": "[url:value = 'http://dice.1234max.com/w/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0d0-a41c-444f-ad94-4b2e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:24.000Z",
"modified": "2017-09-11T14:42:24.000Z",
"pattern": "[domain-name:value = 'dice.1234max.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0d0-2010-4efd-a111-4df1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:24.000Z",
"modified": "2017-09-11T14:42:24.000Z",
"pattern": "[url:value = 'http://ecers.ru/w/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0d1-b184-4081-a883-4e01950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:25.000Z",
"modified": "2017-09-11T14:42:25.000Z",
"pattern": "[domain-name:value = 'ecers.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59b6a0d1-6488-48cd-b879-4dd4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:25.000Z",
"modified": "2017-09-11T14:42:25.000Z",
"first_observed": "2017-09-11T14:42:25Z",
"last_observed": "2017-09-11T14:42:25Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59b6a0d1-6488-48cd-b879-4dd4950d210f",
"ipv4-addr--59b6a0d1-6488-48cd-b879-4dd4950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59b6a0d1-6488-48cd-b879-4dd4950d210f",
"dst_ref": "ipv4-addr--59b6a0d1-6488-48cd-b879-4dd4950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59b6a0d1-6488-48cd-b879-4dd4950d210f",
"value": "78.110.50.125"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0d1-504c-4ef1-8a3b-46f6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:25.000Z",
"modified": "2017-09-11T14:42:25.000Z",
"pattern": "[url:value = 'http://edtrend.ru/w/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0d1-6e68-41eb-837d-4543950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:25.000Z",
"modified": "2017-09-11T14:42:25.000Z",
"pattern": "[domain-name:value = 'edtrend.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0d2-ca20-4b80-b51d-437d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:26.000Z",
"modified": "2017-09-11T14:42:26.000Z",
"pattern": "[url:value = 'http://edu.ecers.ru/w/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0d2-cea0-4524-ad2f-468c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:26.000Z",
"modified": "2017-09-11T14:42:26.000Z",
"pattern": "[domain-name:value = 'edu.ecers.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0d2-aac8-4ac2-a78c-4c7a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:26.000Z",
"modified": "2017-09-11T14:42:26.000Z",
"pattern": "[url:value = 'http://fil.rbs62.ru/w/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0d3-27b0-478a-9b34-4938950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:27.000Z",
"modified": "2017-09-11T14:42:27.000Z",
"pattern": "[domain-name:value = 'fil.rbs62.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0d3-1844-477e-960c-4d9e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:27.000Z",
"modified": "2017-09-11T14:42:27.000Z",
"pattern": "[url:value = 'http://holdtime.ru/w/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0d3-4768-4a4c-bc34-4661950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:27.000Z",
"modified": "2017-09-11T14:42:27.000Z",
"pattern": "[domain-name:value = 'holdtime.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0d3-3e28-4bf8-b59a-478b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:27.000Z",
"modified": "2017-09-11T14:42:27.000Z",
"pattern": "[url:value = 'http://isp.mgpu.ru/w/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0d4-c908-4c9b-8269-4996950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:28.000Z",
"modified": "2017-09-11T14:42:28.000Z",
"pattern": "[domain-name:value = 'isp.mgpu.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0d5-a2f8-49e2-9d44-4f5d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:29.000Z",
"modified": "2017-09-11T14:42:29.000Z",
"pattern": "[url:value = 'http://k1000.rbs62.ru/w/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0d5-996c-4d96-9187-4446950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:29.000Z",
"modified": "2017-09-11T14:42:29.000Z",
"pattern": "[domain-name:value = 'k1000.rbs62.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0d5-179c-43ce-8b15-4925950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:29.000Z",
"modified": "2017-09-11T14:42:29.000Z",
"pattern": "[url:value = 'http://kancmarkt.ru/w/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0d5-ea8c-4e72-a592-497b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:29.000Z",
"modified": "2017-09-11T14:42:29.000Z",
"pattern": "[domain-name:value = 'kancmarkt.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0d6-4a00-4421-a69a-4900950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:30.000Z",
"modified": "2017-09-11T14:42:30.000Z",
"pattern": "[url:value = 'http://lum0s.ru/w/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0d6-d464-47ad-8528-4a17950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:30.000Z",
"modified": "2017-09-11T14:42:30.000Z",
"pattern": "[domain-name:value = 'lum0s.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59b6a0d7-4118-46e4-b6d8-450c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:30.000Z",
"modified": "2017-09-11T14:42:30.000Z",
"first_observed": "2017-09-11T14:42:30Z",
"last_observed": "2017-09-11T14:42:30Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59b6a0d7-4118-46e4-b6d8-450c950d210f",
"ipv4-addr--59b6a0d7-4118-46e4-b6d8-450c950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59b6a0d7-4118-46e4-b6d8-450c950d210f",
"dst_ref": "ipv4-addr--59b6a0d7-4118-46e4-b6d8-450c950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59b6a0d7-4118-46e4-b6d8-450c950d210f",
"value": "81.177.141.172"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0d7-dcb4-40c1-8bb5-45d1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:31.000Z",
"modified": "2017-09-11T14:42:31.000Z",
"pattern": "[url:value = 'http://mama.holdtime.ru/w/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0d7-840c-4206-9d05-4373950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:31.000Z",
"modified": "2017-09-11T14:42:31.000Z",
"pattern": "[domain-name:value = 'mama.holdtime.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0d7-ffb4-446e-a3db-4804950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:31.000Z",
"modified": "2017-09-11T14:42:31.000Z",
"pattern": "[url:value = 'http://martinagebhardt.hu/w/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0d7-a91c-4b57-b40f-43d7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:31.000Z",
"modified": "2017-09-11T14:42:31.000Z",
"pattern": "[domain-name:value = 'martinagebhardt.hu']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59b6a0d8-44c0-46db-96c7-47e0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:32.000Z",
"modified": "2017-09-11T14:42:32.000Z",
"first_observed": "2017-09-11T14:42:32Z",
"last_observed": "2017-09-11T14:42:32Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59b6a0d8-44c0-46db-96c7-47e0950d210f",
"ipv4-addr--59b6a0d8-44c0-46db-96c7-47e0950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59b6a0d8-44c0-46db-96c7-47e0950d210f",
"dst_ref": "ipv4-addr--59b6a0d8-44c0-46db-96c7-47e0950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59b6a0d8-44c0-46db-96c7-47e0950d210f",
"value": "95.85.29.52"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0d8-313c-4379-85d1-449e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:32.000Z",
"modified": "2017-09-11T14:42:32.000Z",
"pattern": "[url:value = 'http://molapple.ru/w/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0d8-f374-4112-ae52-4db0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:32.000Z",
"modified": "2017-09-11T14:42:32.000Z",
"pattern": "[domain-name:value = 'molapple.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59b6a0d8-0d14-49df-9398-457c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:32.000Z",
"modified": "2017-09-11T14:42:32.000Z",
"first_observed": "2017-09-11T14:42:32Z",
"last_observed": "2017-09-11T14:42:32Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59b6a0d8-0d14-49df-9398-457c950d210f",
"ipv4-addr--59b6a0d8-0d14-49df-9398-457c950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59b6a0d8-0d14-49df-9398-457c950d210f",
"dst_ref": "ipv4-addr--59b6a0d8-0d14-49df-9398-457c950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59b6a0d8-0d14-49df-9398-457c950d210f",
"value": "77.108.83.244"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0d9-c9ec-4db2-8fe4-43bc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:33.000Z",
"modified": "2017-09-11T14:42:33.000Z",
"pattern": "[url:value = 'http://old.tsg-upravdom.ru/w/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0d9-4a08-4ed3-8d3d-49d7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:33.000Z",
"modified": "2017-09-11T14:42:33.000Z",
"pattern": "[domain-name:value = 'old.tsg-upravdom.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59b6a0d9-f21c-4f54-ba95-4801950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:33.000Z",
"modified": "2017-09-11T14:42:33.000Z",
"first_observed": "2017-09-11T14:42:33Z",
"last_observed": "2017-09-11T14:42:33Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59b6a0d9-f21c-4f54-ba95-4801950d210f",
"ipv4-addr--59b6a0d9-f21c-4f54-ba95-4801950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59b6a0d9-f21c-4f54-ba95-4801950d210f",
"dst_ref": "ipv4-addr--59b6a0d9-f21c-4f54-ba95-4801950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59b6a0d9-f21c-4f54-ba95-4801950d210f",
"value": "81.177.141.82"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0d9-5800-49b8-a329-47fc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:33.000Z",
"modified": "2017-09-11T14:42:33.000Z",
"pattern": "[url:value = 'http://portal.rbs62.ru/w/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0d9-25f0-4b07-94fb-4f8d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:33.000Z",
"modified": "2017-09-11T14:42:33.000Z",
"pattern": "[domain-name:value = 'portal.rbs62.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0da-ece4-46a9-bee9-4567950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:34.000Z",
"modified": "2017-09-11T14:42:34.000Z",
"pattern": "[url:value = 'http://proxy.tor4.biz/w/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0da-218c-4dd0-a37c-4467950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:34.000Z",
"modified": "2017-09-11T14:42:34.000Z",
"pattern": "[domain-name:value = 'proxy.tor4.biz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0da-7224-40ba-a138-4101950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:34.000Z",
"modified": "2017-09-11T14:42:34.000Z",
"pattern": "[url:value = 'http://ptr-spb.ru/w/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:34Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0db-f858-4efa-85c3-414a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:35.000Z",
"modified": "2017-09-11T14:42:35.000Z",
"pattern": "[domain-name:value = 'ptr-spb.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59b6a0db-24e0-4a1f-9c49-4dd1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:35.000Z",
"modified": "2017-09-11T14:42:35.000Z",
"first_observed": "2017-09-11T14:42:35Z",
"last_observed": "2017-09-11T14:42:35Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59b6a0db-24e0-4a1f-9c49-4dd1950d210f",
"ipv4-addr--59b6a0db-24e0-4a1f-9c49-4dd1950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59b6a0db-24e0-4a1f-9c49-4dd1950d210f",
"dst_ref": "ipv4-addr--59b6a0db-24e0-4a1f-9c49-4dd1950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59b6a0db-24e0-4a1f-9c49-4dd1950d210f",
"value": "188.127.230.15"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0db-bb48-4fa0-b787-405c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:35.000Z",
"modified": "2017-09-11T14:42:35.000Z",
"pattern": "[url:value = 'http://rbs62.ru/w/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0db-aa78-4a68-8c2f-44ee950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:35.000Z",
"modified": "2017-09-11T14:42:35.000Z",
"pattern": "[domain-name:value = 'rbs62.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0dc-8e58-4e24-82b1-4356950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:36.000Z",
"modified": "2017-09-11T14:42:36.000Z",
"pattern": "[url:value = 'http://reicon.ru/w/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0dc-a0e0-4932-8ed0-4e51950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:36.000Z",
"modified": "2017-09-11T14:42:36.000Z",
"pattern": "[domain-name:value = 'reicon.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59b6a0dc-ec6c-43ea-bc9f-474b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:36.000Z",
"modified": "2017-09-11T14:42:36.000Z",
"first_observed": "2017-09-11T14:42:36Z",
"last_observed": "2017-09-11T14:42:36Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59b6a0dc-ec6c-43ea-bc9f-474b950d210f",
"ipv4-addr--59b6a0dc-ec6c-43ea-bc9f-474b950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59b6a0dc-ec6c-43ea-bc9f-474b950d210f",
"dst_ref": "ipv4-addr--59b6a0dc-ec6c-43ea-bc9f-474b950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59b6a0dc-ec6c-43ea-bc9f-474b950d210f",
"value": "109.120.162.26"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0dc-d618-4f65-8155-4946950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:36.000Z",
"modified": "2017-09-11T14:42:36.000Z",
"pattern": "[url:value = 'http://renych.net-live.ru/w/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0dd-8198-40fb-926e-fc5a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:37.000Z",
"modified": "2017-09-11T14:42:37.000Z",
"pattern": "[domain-name:value = 'renych.net-live.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0dd-789c-41e8-960d-452b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:37.000Z",
"modified": "2017-09-11T14:42:37.000Z",
"pattern": "[url:value = 'http://rp.holdtime.ru/w/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0dd-94c0-473e-b353-4115950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:37.000Z",
"modified": "2017-09-11T14:42:37.000Z",
"pattern": "[domain-name:value = 'rp.holdtime.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0de-89a4-4ef4-aee9-4654950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:38.000Z",
"modified": "2017-09-11T14:42:38.000Z",
"pattern": "[url:value = 'http://scripts.tor4.biz/w/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0de-491c-4cef-bcd5-49c1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:38.000Z",
"modified": "2017-09-11T14:42:38.000Z",
"pattern": "[domain-name:value = 'scripts.tor4.biz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0df-e08c-4675-af62-4dd9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:39.000Z",
"modified": "2017-09-11T14:42:39.000Z",
"pattern": "[url:value = 'http://shtamp.rbs62.ru/w/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0df-f4b8-4afc-9af1-fc5a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:39.000Z",
"modified": "2017-09-11T14:42:39.000Z",
"pattern": "[domain-name:value = 'shtamp.rbs62.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0df-b060-4fc5-bdf7-41fb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:39.000Z",
"modified": "2017-09-11T14:42:39.000Z",
"pattern": "[url:value = 'http://sptorgsib.ru/w/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0df-4e6c-4cf4-89e1-47eb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:39.000Z",
"modified": "2017-09-11T14:42:39.000Z",
"pattern": "[domain-name:value = 'sptorgsib.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0e0-bac0-40e0-896f-4310950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:40.000Z",
"modified": "2017-09-11T14:42:40.000Z",
"pattern": "[url:value = 'http://team.givati.ru/w/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0e0-cf3c-4b2f-a9a0-4c76950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:40.000Z",
"modified": "2017-09-11T14:42:40.000Z",
"pattern": "[domain-name:value = 'team.givati.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0e0-df78-4e27-aeff-4566950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:40.000Z",
"modified": "2017-09-11T14:42:40.000Z",
"pattern": "[url:value = 'http://test.holdtime.ru/w/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0e0-578c-4f5c-b96b-4123950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:40.000Z",
"modified": "2017-09-11T14:42:40.000Z",
"pattern": "[domain-name:value = 'test.holdtime.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0e1-3a3c-46f1-bbf6-47ad950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:41.000Z",
"modified": "2017-09-11T14:42:41.000Z",
"pattern": "[url:value = 'http://thenovelgroup.com/w/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0e1-352c-49c0-b4f2-4836950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:41.000Z",
"modified": "2017-09-11T14:42:41.000Z",
"pattern": "[domain-name:value = 'thenovelgroup.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0e2-ad14-4539-8b8a-4926950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:42.000Z",
"modified": "2017-09-11T14:42:42.000Z",
"pattern": "[url:value = 'http://tor4.biz/w/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0e2-4194-4589-9e25-4309950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:42.000Z",
"modified": "2017-09-11T14:42:42.000Z",
"pattern": "[domain-name:value = 'tor4.biz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0e2-4314-4f08-b111-4378950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:42.000Z",
"modified": "2017-09-11T14:42:42.000Z",
"pattern": "[url:value = 'http://triumf.rbs62.ru/w/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0e3-7d38-4f81-b69d-4efc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:42.000Z",
"modified": "2017-09-11T14:42:42.000Z",
"pattern": "[domain-name:value = 'triumf.rbs62.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0e3-8f50-4d86-9f27-4ee7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:43.000Z",
"modified": "2017-09-11T14:42:43.000Z",
"pattern": "[url:value = 'http://umo.holdtime.ru/w/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0e3-38b8-48a3-aaf3-409c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:43.000Z",
"modified": "2017-09-11T14:42:43.000Z",
"pattern": "[domain-name:value = 'umo.holdtime.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0e3-229c-4cae-9a37-49a2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:43.000Z",
"modified": "2017-09-11T14:42:43.000Z",
"pattern": "[url:value = 'http://urstab.ru/w/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0e4-6a64-40a8-bef9-4ec4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:44.000Z",
"modified": "2017-09-11T14:42:44.000Z",
"pattern": "[domain-name:value = 'urstab.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59b6a0e4-ba90-4c39-8f0f-4fbd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:44.000Z",
"modified": "2017-09-11T14:42:44.000Z",
"first_observed": "2017-09-11T14:42:44Z",
"last_observed": "2017-09-11T14:42:44Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59b6a0e4-ba90-4c39-8f0f-4fbd950d210f",
"ipv4-addr--59b6a0e4-ba90-4c39-8f0f-4fbd950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59b6a0e4-ba90-4c39-8f0f-4fbd950d210f",
"dst_ref": "ipv4-addr--59b6a0e4-ba90-4c39-8f0f-4fbd950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59b6a0e4-ba90-4c39-8f0f-4fbd950d210f",
"value": "81.177.135.41"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0e4-361c-4c7b-881e-4f71950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:44.000Z",
"modified": "2017-09-11T14:42:44.000Z",
"pattern": "[url:value = 'http://visa-sport.ru/w/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0e4-5a2c-4651-b824-420a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:44.000Z",
"modified": "2017-09-11T14:42:44.000Z",
"pattern": "[domain-name:value = 'visa-sport.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0e5-2dd0-4983-8f0d-47e0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:45.000Z",
"modified": "2017-09-11T14:42:45.000Z",
"pattern": "[url:value = 'http://webmail.tor4.biz/w/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0e5-ec10-4f6c-958b-410b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:45.000Z",
"modified": "2017-09-11T14:42:45.000Z",
"pattern": "[domain-name:value = 'webmail.tor4.biz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0e5-3da0-4036-9cfa-424c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:45.000Z",
"modified": "2017-09-11T14:42:45.000Z",
"pattern": "[url:value = 'http://wittinhohemmo.net/load.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0e6-d2c0-44f8-9f1d-fc5a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:46.000Z",
"modified": "2017-09-11T14:42:46.000Z",
"pattern": "[domain-name:value = 'wittinhohemmo.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59b6a0e6-3bb0-473e-801e-4d9e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:46.000Z",
"modified": "2017-09-11T14:42:46.000Z",
"first_observed": "2017-09-11T14:42:46Z",
"last_observed": "2017-09-11T14:42:46Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59b6a0e6-3bb0-473e-801e-4d9e950d210f",
"ipv4-addr--59b6a0e6-3bb0-473e-801e-4d9e950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59b6a0e6-3bb0-473e-801e-4d9e950d210f",
"dst_ref": "ipv4-addr--59b6a0e6-3bb0-473e-801e-4d9e950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59b6a0e6-3bb0-473e-801e-4d9e950d210f",
"value": "47.88.55.29"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0e6-b9c8-45b0-98c4-4077950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:46.000Z",
"modified": "2017-09-11T14:42:46.000Z",
"pattern": "[url:value = 'http://phuket-olivia-yoga.com/isklsvx.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0e7-9dfc-43db-b96b-4961950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:47.000Z",
"modified": "2017-09-11T14:42:47.000Z",
"pattern": "[domain-name:value = 'phuket-olivia-yoga.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59b6a0e7-444c-4a19-94f3-4004950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:47.000Z",
"modified": "2017-09-11T14:42:47.000Z",
"first_observed": "2017-09-11T14:42:47Z",
"last_observed": "2017-09-11T14:42:47Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59b6a0e7-444c-4a19-94f3-4004950d210f",
"ipv4-addr--59b6a0e7-444c-4a19-94f3-4004950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59b6a0e7-444c-4a19-94f3-4004950d210f",
"dst_ref": "ipv4-addr--59b6a0e7-444c-4a19-94f3-4004950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59b6a0e7-444c-4a19-94f3-4004950d210f",
"value": "208.86.184.66"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0e7-f7fc-4ba2-acaa-40c2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:47.000Z",
"modified": "2017-09-11T14:42:47.000Z",
"pattern": "[url:value = 'http://setincon.com/brpxsfr.exe']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0e7-0a90-43bb-b195-47ed950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:47.000Z",
"modified": "2017-09-11T14:42:47.000Z",
"pattern": "[domain-name:value = 'setincon.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59b6a0e8-2b18-43c7-beec-49f9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:48.000Z",
"modified": "2017-09-11T14:42:48.000Z",
"first_observed": "2017-09-11T14:42:48Z",
"last_observed": "2017-09-11T14:42:48Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59b6a0e8-2b18-43c7-beec-49f9950d210f",
"ipv4-addr--59b6a0e8-2b18-43c7-beec-49f9950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59b6a0e8-2b18-43c7-beec-49f9950d210f",
"dst_ref": "ipv4-addr--59b6a0e8-2b18-43c7-beec-49f9950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59b6a0e8-2b18-43c7-beec-49f9950d210f",
"value": "64.6.250.196"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59b6a0e8-df70-413c-bf5d-4038950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:48.000Z",
"modified": "2017-09-11T14:42:48.000Z",
"first_observed": "2017-09-11T14:42:48Z",
"last_observed": "2017-09-11T14:42:48Z",
"number_observed": 1,
"object_refs": [
"url--59b6a0e8-df70-413c-bf5d-4038950d210f"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59b6a0e8-df70-413c-bf5d-4038950d210f",
"value": "http://188.127.239.10/imageload.cgi"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59b6a0e9-b694-463b-982f-fc5a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:49.000Z",
"modified": "2017-09-11T14:42:49.000Z",
"first_observed": "2017-09-11T14:42:49Z",
"last_observed": "2017-09-11T14:42:49Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59b6a0e9-b694-463b-982f-fc5a950d210f",
"ipv4-addr--59b6a0e9-b694-463b-982f-fc5a950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59b6a0e9-b694-463b-982f-fc5a950d210f",
"dst_ref": "ipv4-addr--59b6a0e9-b694-463b-982f-fc5a950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59b6a0e9-b694-463b-982f-fc5a950d210f",
"value": "188.127.239.10"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59b6a0e9-faf0-47cd-8fce-408a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:49.000Z",
"modified": "2017-09-11T14:42:49.000Z",
"first_observed": "2017-09-11T14:42:49Z",
"last_observed": "2017-09-11T14:42:49Z",
"number_observed": 1,
"object_refs": [
"url--59b6a0e9-faf0-47cd-8fce-408a950d210f"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59b6a0e9-faf0-47cd-8fce-408a950d210f",
"value": "http://185.67.2.156/imageload.cgi"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59b6a0e9-c660-46cf-ba0c-40c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:49.000Z",
"modified": "2017-09-11T14:42:49.000Z",
"first_observed": "2017-09-11T14:42:49Z",
"last_observed": "2017-09-11T14:42:49Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59b6a0e9-c660-46cf-ba0c-40c3950d210f",
"ipv4-addr--59b6a0e9-c660-46cf-ba0c-40c3950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59b6a0e9-c660-46cf-ba0c-40c3950d210f",
"dst_ref": "ipv4-addr--59b6a0e9-c660-46cf-ba0c-40c3950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59b6a0e9-c660-46cf-ba0c-40c3950d210f",
"value": "185.67.2.156"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0e9-8a6c-4da4-8071-4776950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:49.000Z",
"modified": "2017-09-11T14:42:49.000Z",
"pattern": "[url:value = 'http://hcpedowpqrgw.biz/imageload.cgi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0e9-1ae0-4629-a9ac-456e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:49.000Z",
"modified": "2017-09-11T14:42:49.000Z",
"pattern": "[domain-name:value = 'hcpedowpqrgw.biz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0ea-d034-493e-9f02-43d2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:50.000Z",
"modified": "2017-09-11T14:42:50.000Z",
"pattern": "[url:value = 'http://vkhwgkp.biz/imageload.cgi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0ea-8b50-439f-b3dc-421a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:50.000Z",
"modified": "2017-09-11T14:42:50.000Z",
"pattern": "[domain-name:value = 'vkhwgkp.biz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0ea-db5c-45e6-95e6-4fe9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:50.000Z",
"modified": "2017-09-11T14:42:50.000Z",
"pattern": "[url:value = 'http://evruhqgfyyw.pl/imageload.cgi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0ea-5360-4b1a-9c87-41be950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:50.000Z",
"modified": "2017-09-11T14:42:50.000Z",
"pattern": "[domain-name:value = 'evruhqgfyyw.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0eb-efe0-487a-89d8-477e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:51.000Z",
"modified": "2017-09-11T14:42:51.000Z",
"pattern": "[url:value = 'http://ybtjrjdtkxeakbcre.biz/imageload.cgi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0eb-e9e8-44ea-89dc-4e48950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:51.000Z",
"modified": "2017-09-11T14:42:51.000Z",
"pattern": "[domain-name:value = 'ybtjrjdtkxeakbcre.biz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0eb-0880-4327-baa2-40dc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:51.000Z",
"modified": "2017-09-11T14:42:51.000Z",
"pattern": "[url:value = 'http://daohevtnaju.biz/imageload.cgi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0eb-a70c-4a23-af70-432c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:51.000Z",
"modified": "2017-09-11T14:42:51.000Z",
"pattern": "[domain-name:value = 'daohevtnaju.biz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0eb-9cec-4666-8785-4290950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:51.000Z",
"modified": "2017-09-11T14:42:51.000Z",
"pattern": "[url:value = 'http://giogbxgijr.pw/imageload.cgi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0ec-03f0-493f-8daf-4ac2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:52.000Z",
"modified": "2017-09-11T14:42:52.000Z",
"pattern": "[domain-name:value = 'giogbxgijr.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59b6a0ec-769c-4be2-b54d-48c1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:52.000Z",
"modified": "2017-09-11T14:42:52.000Z",
"first_observed": "2017-09-11T14:42:52Z",
"last_observed": "2017-09-11T14:42:52Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59b6a0ec-769c-4be2-b54d-48c1950d210f",
"ipv4-addr--59b6a0ec-769c-4be2-b54d-48c1950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59b6a0ec-769c-4be2-b54d-48c1950d210f",
"dst_ref": "ipv4-addr--59b6a0ec-769c-4be2-b54d-48c1950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59b6a0ec-769c-4be2-b54d-48c1950d210f",
"value": "141.8.226.58"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0ec-424c-407d-80ac-49a6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:52.000Z",
"modified": "2017-09-11T14:42:52.000Z",
"pattern": "[url:value = 'http://dljyopb.org/imageload.cgi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0ec-bcb0-40d8-af8b-461a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:52.000Z",
"modified": "2017-09-11T14:42:52.000Z",
"pattern": "[domain-name:value = 'dljyopb.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0ec-6cf4-451f-b949-43fa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:52.000Z",
"modified": "2017-09-11T14:42:52.000Z",
"pattern": "[url:value = 'http://mdojgtygelmlfxmiu.work/imageload.cgi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:52Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0ed-aa4c-4b1a-8729-4535950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:53.000Z",
"modified": "2017-09-11T14:42:53.000Z",
"pattern": "[domain-name:value = 'mdojgtygelmlfxmiu.work']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0ed-67b4-48d3-9a61-4781950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:53.000Z",
"modified": "2017-09-11T14:42:53.000Z",
"pattern": "[url:value = 'http://cykyqrpomfks.ru/imageload.cgi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0ed-3d3c-470e-accb-fc5a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:53.000Z",
"modified": "2017-09-11T14:42:53.000Z",
"pattern": "[domain-name:value = 'cykyqrpomfks.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0ed-c0c0-45a4-8dec-4a6b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:53.000Z",
"modified": "2017-09-11T14:42:53.000Z",
"pattern": "[url:value = 'http://qjxyuqlikgmkagbns.info/imageload.cgi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:53Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0ee-f498-4980-8420-4941950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:54.000Z",
"modified": "2017-09-11T14:42:54.000Z",
"pattern": "[domain-name:value = 'qjxyuqlikgmkagbns.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0ee-043c-4aae-be8a-4f5d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:54.000Z",
"modified": "2017-09-11T14:42:54.000Z",
"pattern": "[url:value = 'http://oxqtrmlafwhumnni.info/imageload.cgi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0ee-a400-4701-a612-44a6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:54.000Z",
"modified": "2017-09-11T14:42:54.000Z",
"pattern": "[domain-name:value = 'oxqtrmlafwhumnni.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0ef-0140-44c4-85bd-401f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:55.000Z",
"modified": "2017-09-11T14:42:55.000Z",
"pattern": "[url:value = 'http://nxlrplajhv.biz/imageload.cgi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b6a0ef-1634-4dc4-9471-42fa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-11T14:42:55.000Z",
"modified": "2017-09-11T14:42:55.000Z",
"pattern": "[domain-name:value = 'nxlrplajhv.biz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-11T14:42:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
]
}
Reference in a new issue Copy permalink