2023-06-14 17:31:25 +00:00
|
|
|
{
|
|
|
|
"type": "bundle",
|
|
|
|
"id": "bundle--59d480ba-a7cc-4041-8470-4647950d210f",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:09.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:09.000Z",
|
|
|
|
"name": "CIRCL",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "grouping",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "grouping--59d480ba-a7cc-4041-8470-4647950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:09.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:09.000Z",
|
|
|
|
"name": "M2M - Locky 2017-10-03 : Affid=3, offline, \".ykcol\" : \"Emailing - DOC123\" - \"DOC123.7z\"",
|
|
|
|
"context": "suspicious-activity",
|
|
|
|
"object_refs": [
|
|
|
|
"indicator--59d480bb-aba8-45fd-b40a-46bd950d210f",
|
|
|
|
"indicator--59d480bb-e56c-4642-8e7c-dd82950d210f",
|
|
|
|
"indicator--59d480bb-616c-478c-9cb6-4fb8950d210f",
|
|
|
|
"observed-data--59d480bc-ab8c-41ce-a602-6a98950d210f",
|
|
|
|
"network-traffic--59d480bc-ab8c-41ce-a602-6a98950d210f",
|
|
|
|
"ipv4-addr--59d480bc-ab8c-41ce-a602-6a98950d210f",
|
|
|
|
"indicator--59d480bd-827c-4805-addc-4fcd950d210f",
|
|
|
|
"indicator--59d480bd-11ec-4a1e-a167-dd7d950d210f",
|
|
|
|
"observed-data--59d480bd-add8-4985-b92f-40c8950d210f",
|
|
|
|
"network-traffic--59d480bd-add8-4985-b92f-40c8950d210f",
|
|
|
|
"ipv4-addr--59d480bd-add8-4985-b92f-40c8950d210f",
|
|
|
|
"indicator--59d480bd-bd08-4a33-af0e-dbc4950d210f",
|
|
|
|
"indicator--59d480be-5fd0-42af-9334-4890950d210f",
|
|
|
|
"indicator--59d480dc-287c-49e2-ab55-4224950d210f",
|
|
|
|
"indicator--59d480dc-4c14-4b62-891e-dd7d950d210f",
|
|
|
|
"observed-data--59d480de-5b54-4988-a5e9-430f950d210f",
|
|
|
|
"network-traffic--59d480de-5b54-4988-a5e9-430f950d210f",
|
|
|
|
"ipv4-addr--59d480de-5b54-4988-a5e9-430f950d210f",
|
|
|
|
"indicator--59d480de-a008-4552-8903-4ed9950d210f",
|
|
|
|
"indicator--59d480de-55b0-476b-93dc-43c2950d210f",
|
|
|
|
"observed-data--59d480de-f6fc-40c4-9d6d-4846950d210f",
|
|
|
|
"network-traffic--59d480de-f6fc-40c4-9d6d-4846950d210f",
|
|
|
|
"ipv4-addr--59d480de-f6fc-40c4-9d6d-4846950d210f",
|
|
|
|
"indicator--59d480df-8790-4ce6-b7e5-4c7f950d210f",
|
|
|
|
"indicator--59d480df-ee64-4037-8419-45f4950d210f",
|
|
|
|
"observed-data--59d480df-8ee4-4188-8230-dd7d950d210f",
|
|
|
|
"network-traffic--59d480df-8ee4-4188-8230-dd7d950d210f",
|
|
|
|
"ipv4-addr--59d480df-8ee4-4188-8230-dd7d950d210f",
|
|
|
|
"indicator--59d480df-e884-47af-9bd9-dd82950d210f",
|
|
|
|
"indicator--59d480e0-9504-4447-93f8-4611950d210f",
|
|
|
|
"observed-data--59d480e0-ec34-44be-84d7-4025950d210f",
|
|
|
|
"network-traffic--59d480e0-ec34-44be-84d7-4025950d210f",
|
|
|
|
"ipv4-addr--59d480e0-ec34-44be-84d7-4025950d210f",
|
|
|
|
"indicator--59d480e0-f6a0-42e9-9f24-6d43950d210f",
|
|
|
|
"indicator--59d480e0-63b0-49ac-9ea7-4483950d210f",
|
|
|
|
"observed-data--59d480e1-b9d0-41f9-b481-4fb9950d210f",
|
|
|
|
"network-traffic--59d480e1-b9d0-41f9-b481-4fb9950d210f",
|
|
|
|
"ipv4-addr--59d480e1-b9d0-41f9-b481-4fb9950d210f",
|
|
|
|
"indicator--59d480e1-3ebc-4f76-ae00-6a98950d210f",
|
|
|
|
"indicator--59d480e1-88fc-4375-a668-6e37950d210f",
|
|
|
|
"observed-data--59d480e1-e5d4-432c-94a6-4fe4950d210f",
|
|
|
|
"network-traffic--59d480e1-e5d4-432c-94a6-4fe4950d210f",
|
|
|
|
"ipv4-addr--59d480e1-e5d4-432c-94a6-4fe4950d210f",
|
|
|
|
"indicator--59d480e2-7678-4cc6-946e-4d6b950d210f",
|
|
|
|
"indicator--59d480e2-12b8-42a9-820b-dd7d950d210f",
|
|
|
|
"observed-data--59d480e2-9068-4c31-bd5b-44cf950d210f",
|
|
|
|
"network-traffic--59d480e2-9068-4c31-bd5b-44cf950d210f",
|
|
|
|
"ipv4-addr--59d480e2-9068-4c31-bd5b-44cf950d210f",
|
|
|
|
"indicator--59d480e3-bd54-4aa7-8736-46b1950d210f",
|
|
|
|
"indicator--59d480e3-0e60-4264-b2e9-6d43950d210f",
|
|
|
|
"observed-data--59d480e3-c45c-4a33-a796-49fe950d210f",
|
|
|
|
"network-traffic--59d480e3-c45c-4a33-a796-49fe950d210f",
|
|
|
|
"ipv4-addr--59d480e3-c45c-4a33-a796-49fe950d210f",
|
|
|
|
"indicator--59d480e3-c54c-4e59-81d3-4123950d210f",
|
|
|
|
"indicator--59d480e3-c010-4d94-b48a-6a98950d210f",
|
|
|
|
"observed-data--59d480e4-bf14-4285-b832-6e37950d210f",
|
|
|
|
"network-traffic--59d480e4-bf14-4285-b832-6e37950d210f",
|
|
|
|
"ipv4-addr--59d480e4-bf14-4285-b832-6e37950d210f",
|
|
|
|
"indicator--59d480e4-5860-489d-a690-4717950d210f",
|
|
|
|
"indicator--59d480e4-e8e0-4b4e-b2f6-4609950d210f",
|
|
|
|
"observed-data--59d480e5-8fc4-4596-8240-dd7d950d210f",
|
|
|
|
"network-traffic--59d480e5-8fc4-4596-8240-dd7d950d210f",
|
|
|
|
"ipv4-addr--59d480e5-8fc4-4596-8240-dd7d950d210f",
|
|
|
|
"indicator--59d480e5-9f50-4861-be8e-1b2c950d210f",
|
|
|
|
"indicator--59d480e5-0ea8-4b22-bf54-4b56950d210f",
|
|
|
|
"observed-data--59d480e6-65b4-4c38-af3f-dbc4950d210f",
|
|
|
|
"network-traffic--59d480e6-65b4-4c38-af3f-dbc4950d210f",
|
|
|
|
"ipv4-addr--59d480e6-65b4-4c38-af3f-dbc4950d210f",
|
|
|
|
"indicator--59d480e7-9df4-4a57-842e-6a98950d210f",
|
|
|
|
"indicator--59d480e7-acc0-4436-8c9a-6e37950d210f",
|
|
|
|
"observed-data--59d480e7-89a0-4116-b3d0-42ee950d210f",
|
|
|
|
"network-traffic--59d480e7-89a0-4116-b3d0-42ee950d210f",
|
|
|
|
"ipv4-addr--59d480e7-89a0-4116-b3d0-42ee950d210f",
|
|
|
|
"indicator--59d480e7-83a0-409e-81f1-4b79950d210f",
|
|
|
|
"indicator--59d480e8-3c14-4a35-85d5-43a1950d210f",
|
|
|
|
"observed-data--59d480e8-62f0-4c10-85de-1b2c950d210f",
|
|
|
|
"network-traffic--59d480e8-62f0-4c10-85de-1b2c950d210f",
|
|
|
|
"ipv4-addr--59d480e8-62f0-4c10-85de-1b2c950d210f",
|
|
|
|
"indicator--59d480e8-1668-413b-8bf3-47a3950d210f",
|
|
|
|
"indicator--59d480e9-56f0-46b8-a7ac-4a24950d210f",
|
|
|
|
"observed-data--59d480e9-9e9c-444b-8e88-4620950d210f",
|
|
|
|
"network-traffic--59d480e9-9e9c-444b-8e88-4620950d210f",
|
|
|
|
"ipv4-addr--59d480e9-9e9c-444b-8e88-4620950d210f",
|
|
|
|
"indicator--59d480e9-a7c8-43d7-937e-dbc4950d210f",
|
|
|
|
"indicator--59d480e9-32c0-4061-aebe-4d57950d210f",
|
|
|
|
"observed-data--59d480ea-06fc-4040-a126-6e37950d210f",
|
|
|
|
"network-traffic--59d480ea-06fc-4040-a126-6e37950d210f",
|
|
|
|
"ipv4-addr--59d480ea-06fc-4040-a126-6e37950d210f",
|
|
|
|
"indicator--59d480ea-61c8-463f-9eb8-4d80950d210f",
|
|
|
|
"indicator--59d480ea-3db0-4c77-b852-4d0e950d210f",
|
|
|
|
"observed-data--59d480eb-ad34-4677-99f5-dd7d950d210f",
|
|
|
|
"network-traffic--59d480eb-ad34-4677-99f5-dd7d950d210f",
|
|
|
|
"ipv4-addr--59d480eb-ad34-4677-99f5-dd7d950d210f",
|
|
|
|
"observed-data--59d49cfa-28e8-4633-bb40-458f02de0b81",
|
|
|
|
"url--59d49cfa-28e8-4633-bb40-458f02de0b81",
|
|
|
|
"observed-data--59d486ba-ee54-49db-82ad-475902de0b81",
|
|
|
|
"url--59d486ba-ee54-49db-82ad-475902de0b81",
|
|
|
|
"indicator--59d486ba-e218-4d68-b028-46cb02de0b81",
|
|
|
|
"indicator--59d486ba-5a48-4bb5-a2c5-492902de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"ecsirt:malicious-code=\"ransomware\"",
|
|
|
|
"misp-galaxy:ransomware=\"Locky\""
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59d480bb-aba8-45fd-b40a-46bd950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:01.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:01.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'b75bd60dc3686fe62eb4a4a8372be966']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-04T08:34:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59d480bb-e56c-4642-8e7c-dd82950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:01.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:01.000Z",
|
|
|
|
"pattern": "[url:value = 'http://420ent.com/uyitfu65uy']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-04T08:34:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59d480bb-616c-478c-9cb6-4fb8950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:01.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:01.000Z",
|
|
|
|
"pattern": "[domain-name:value = '420ent.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-04T08:34:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59d480bc-ab8c-41ce-a602-6a98950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:01.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:01.000Z",
|
|
|
|
"first_observed": "2017-10-04T08:34:01Z",
|
|
|
|
"last_observed": "2017-10-04T08:34:01Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59d480bc-ab8c-41ce-a602-6a98950d210f",
|
|
|
|
"ipv4-addr--59d480bc-ab8c-41ce-a602-6a98950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59d480bc-ab8c-41ce-a602-6a98950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59d480bc-ab8c-41ce-a602-6a98950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59d480bc-ab8c-41ce-a602-6a98950d210f",
|
|
|
|
"value": "98.124.251.72"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59d480bd-827c-4805-addc-4fcd950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:01.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:01.000Z",
|
|
|
|
"pattern": "[url:value = 'http://acaciainvestigations.com/uyitfu65uy']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-04T08:34:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59d480bd-11ec-4a1e-a167-dd7d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:01.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:01.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'acaciainvestigations.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-04T08:34:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59d480bd-add8-4985-b92f-40c8950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:01.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:01.000Z",
|
|
|
|
"first_observed": "2017-10-04T08:34:01Z",
|
|
|
|
"last_observed": "2017-10-04T08:34:01Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59d480bd-add8-4985-b92f-40c8950d210f",
|
|
|
|
"ipv4-addr--59d480bd-add8-4985-b92f-40c8950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59d480bd-add8-4985-b92f-40c8950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59d480bd-add8-4985-b92f-40c8950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59d480bd-add8-4985-b92f-40c8950d210f",
|
|
|
|
"value": "208.79.200.25"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59d480bd-bd08-4a33-af0e-dbc4950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:01.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:01.000Z",
|
|
|
|
"pattern": "[url:value = 'http://aimonino.info/p66/uyitfu65uy']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-04T08:34:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59d480be-5fd0-42af-9334-4890950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:01.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:01.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'aimonino.info']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-04T08:34:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59d480dc-287c-49e2-ab55-4224950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:01.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:01.000Z",
|
|
|
|
"pattern": "[url:value = 'http://atez.vn/uyitfu65uy']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-04T08:34:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59d480dc-4c14-4b62-891e-dd7d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:01.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:01.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'atez.vn']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-04T08:34:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59d480de-5b54-4988-a5e9-430f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:01.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:01.000Z",
|
|
|
|
"first_observed": "2017-10-04T08:34:01Z",
|
|
|
|
"last_observed": "2017-10-04T08:34:01Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59d480de-5b54-4988-a5e9-430f950d210f",
|
|
|
|
"ipv4-addr--59d480de-5b54-4988-a5e9-430f950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59d480de-5b54-4988-a5e9-430f950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59d480de-5b54-4988-a5e9-430f950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59d480de-5b54-4988-a5e9-430f950d210f",
|
|
|
|
"value": "203.162.31.116"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59d480de-a008-4552-8903-4ed9950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:01.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:01.000Z",
|
|
|
|
"pattern": "[url:value = 'http://chimachinenow.com/uyitfu65uy']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-04T08:34:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59d480de-55b0-476b-93dc-43c2950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:01.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:01.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'chimachinenow.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-04T08:34:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59d480de-f6fc-40c4-9d6d-4846950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:01.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:01.000Z",
|
|
|
|
"first_observed": "2017-10-04T08:34:01Z",
|
|
|
|
"last_observed": "2017-10-04T08:34:01Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59d480de-f6fc-40c4-9d6d-4846950d210f",
|
|
|
|
"ipv4-addr--59d480de-f6fc-40c4-9d6d-4846950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59d480de-f6fc-40c4-9d6d-4846950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59d480de-f6fc-40c4-9d6d-4846950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59d480de-f6fc-40c4-9d6d-4846950d210f",
|
|
|
|
"value": "199.30.241.139"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59d480df-8790-4ce6-b7e5-4c7f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:01.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:01.000Z",
|
|
|
|
"pattern": "[url:value = 'http://dbatee.gr/uyitfu65uy']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-04T08:34:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59d480df-ee64-4037-8419-45f4950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:01.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:01.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'dbatee.gr']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-04T08:34:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59d480df-8ee4-4188-8230-dd7d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:01.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:01.000Z",
|
|
|
|
"first_observed": "2017-10-04T08:34:01Z",
|
|
|
|
"last_observed": "2017-10-04T08:34:01Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59d480df-8ee4-4188-8230-dd7d950d210f",
|
|
|
|
"ipv4-addr--59d480df-8ee4-4188-8230-dd7d950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59d480df-8ee4-4188-8230-dd7d950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59d480df-8ee4-4188-8230-dd7d950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59d480df-8ee4-4188-8230-dd7d950d210f",
|
|
|
|
"value": "62.103.152.100"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59d480df-e884-47af-9bd9-dd82950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:01.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:01.000Z",
|
|
|
|
"pattern": "[url:value = 'http://envi-herzog.de/uyitfu65uy']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-04T08:34:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59d480e0-9504-4447-93f8-4611950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:01.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:01.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'envi-herzog.de']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-04T08:34:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59d480e0-ec34-44be-84d7-4025950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:01.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:01.000Z",
|
|
|
|
"first_observed": "2017-10-04T08:34:01Z",
|
|
|
|
"last_observed": "2017-10-04T08:34:01Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59d480e0-ec34-44be-84d7-4025950d210f",
|
|
|
|
"ipv4-addr--59d480e0-ec34-44be-84d7-4025950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59d480e0-ec34-44be-84d7-4025950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59d480e0-ec34-44be-84d7-4025950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59d480e0-ec34-44be-84d7-4025950d210f",
|
|
|
|
"value": "194.116.187.130"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59d480e0-f6a0-42e9-9f24-6d43950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:01.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:01.000Z",
|
|
|
|
"pattern": "[url:value = 'http://eternallyclassicjewelry.com/uyitfu65uy']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-04T08:34:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59d480e0-63b0-49ac-9ea7-4483950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:01.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:01.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'eternallyclassicjewelry.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-04T08:34:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59d480e1-b9d0-41f9-b481-4fb9950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:01.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:01.000Z",
|
|
|
|
"first_observed": "2017-10-04T08:34:01Z",
|
|
|
|
"last_observed": "2017-10-04T08:34:01Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59d480e1-b9d0-41f9-b481-4fb9950d210f",
|
|
|
|
"ipv4-addr--59d480e1-b9d0-41f9-b481-4fb9950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59d480e1-b9d0-41f9-b481-4fb9950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59d480e1-b9d0-41f9-b481-4fb9950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59d480e1-b9d0-41f9-b481-4fb9950d210f",
|
|
|
|
"value": "98.124.251.166"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59d480e1-3ebc-4f76-ae00-6a98950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:01.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:01.000Z",
|
|
|
|
"pattern": "[url:value = 'http://matern-eger.de/uyitfu65uy']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-04T08:34:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59d480e1-88fc-4375-a668-6e37950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:01.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:01.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'matern-eger.de']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-04T08:34:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59d480e1-e5d4-432c-94a6-4fe4950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:01.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:01.000Z",
|
|
|
|
"first_observed": "2017-10-04T08:34:01Z",
|
|
|
|
"last_observed": "2017-10-04T08:34:01Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59d480e1-e5d4-432c-94a6-4fe4950d210f",
|
|
|
|
"ipv4-addr--59d480e1-e5d4-432c-94a6-4fe4950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59d480e1-e5d4-432c-94a6-4fe4950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59d480e1-e5d4-432c-94a6-4fe4950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59d480e1-e5d4-432c-94a6-4fe4950d210f",
|
|
|
|
"value": "87.106.222.105"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59d480e2-7678-4cc6-946e-4d6b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:01.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:01.000Z",
|
|
|
|
"pattern": "[url:value = 'http://mysushi.it/uyitfu65uy']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-04T08:34:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59d480e2-12b8-42a9-820b-dd7d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:01.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:01.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'mysushi.it']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-04T08:34:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59d480e2-9068-4c31-bd5b-44cf950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:01.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:01.000Z",
|
|
|
|
"first_observed": "2017-10-04T08:34:01Z",
|
|
|
|
"last_observed": "2017-10-04T08:34:01Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59d480e2-9068-4c31-bd5b-44cf950d210f",
|
|
|
|
"ipv4-addr--59d480e2-9068-4c31-bd5b-44cf950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59d480e2-9068-4c31-bd5b-44cf950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59d480e2-9068-4c31-bd5b-44cf950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59d480e2-9068-4c31-bd5b-44cf950d210f",
|
|
|
|
"value": "93.174.71.137"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59d480e3-bd54-4aa7-8736-46b1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:01.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:01.000Z",
|
|
|
|
"pattern": "[url:value = 'http://phmetreci.com/uyitfu65uy']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-04T08:34:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59d480e3-0e60-4264-b2e9-6d43950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:01.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:01.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'phmetreci.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-04T08:34:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59d480e3-c45c-4a33-a796-49fe950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:01.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:01.000Z",
|
|
|
|
"first_observed": "2017-10-04T08:34:01Z",
|
|
|
|
"last_observed": "2017-10-04T08:34:01Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59d480e3-c45c-4a33-a796-49fe950d210f",
|
|
|
|
"ipv4-addr--59d480e3-c45c-4a33-a796-49fe950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59d480e3-c45c-4a33-a796-49fe950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59d480e3-c45c-4a33-a796-49fe950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59d480e3-c45c-4a33-a796-49fe950d210f",
|
|
|
|
"value": "185.150.128.21"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59d480e3-c54c-4e59-81d3-4123950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:01.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:01.000Z",
|
|
|
|
"pattern": "[url:value = 'http://placecomp.com/uyitfu65uy']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-04T08:34:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59d480e3-c010-4d94-b48a-6a98950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:01.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:01.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'placecomp.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-04T08:34:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59d480e4-bf14-4285-b832-6e37950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:01.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:01.000Z",
|
|
|
|
"first_observed": "2017-10-04T08:34:01Z",
|
|
|
|
"last_observed": "2017-10-04T08:34:01Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59d480e4-bf14-4285-b832-6e37950d210f",
|
|
|
|
"ipv4-addr--59d480e4-bf14-4285-b832-6e37950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59d480e4-bf14-4285-b832-6e37950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59d480e4-bf14-4285-b832-6e37950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59d480e4-bf14-4285-b832-6e37950d210f",
|
|
|
|
"value": "74.208.88.65"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59d480e4-5860-489d-a690-4717950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:02.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:02.000Z",
|
|
|
|
"pattern": "[url:value = 'http://restaurantelburladero.com/uyitfu65uy']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-04T08:34:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59d480e4-e8e0-4b4e-b2f6-4609950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:02.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:02.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'restaurantelburladero.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-04T08:34:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59d480e5-8fc4-4596-8240-dd7d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:02.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:02.000Z",
|
|
|
|
"first_observed": "2017-10-04T08:34:02Z",
|
|
|
|
"last_observed": "2017-10-04T08:34:02Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59d480e5-8fc4-4596-8240-dd7d950d210f",
|
|
|
|
"ipv4-addr--59d480e5-8fc4-4596-8240-dd7d950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59d480e5-8fc4-4596-8240-dd7d950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59d480e5-8fc4-4596-8240-dd7d950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59d480e5-8fc4-4596-8240-dd7d950d210f",
|
|
|
|
"value": "5.2.88.79"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59d480e5-9f50-4861-be8e-1b2c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:02.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:02.000Z",
|
|
|
|
"pattern": "[url:value = 'http://runkel.com.mx/uyitfu65uy']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-04T08:34:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59d480e5-0ea8-4b22-bf54-4b56950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:02.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:02.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'runkel.com.mx']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-04T08:34:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59d480e6-65b4-4c38-af3f-dbc4950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:02.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:02.000Z",
|
|
|
|
"first_observed": "2017-10-04T08:34:02Z",
|
|
|
|
"last_observed": "2017-10-04T08:34:02Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59d480e6-65b4-4c38-af3f-dbc4950d210f",
|
|
|
|
"ipv4-addr--59d480e6-65b4-4c38-af3f-dbc4950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59d480e6-65b4-4c38-af3f-dbc4950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59d480e6-65b4-4c38-af3f-dbc4950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59d480e6-65b4-4c38-af3f-dbc4950d210f",
|
|
|
|
"value": "173.201.253.230"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59d480e7-9df4-4a57-842e-6a98950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:02.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:02.000Z",
|
|
|
|
"pattern": "[url:value = 'http://sabines-marmeladen.de/uyitfu65uy']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-04T08:34:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59d480e7-acc0-4436-8c9a-6e37950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:02.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:02.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'sabines-marmeladen.de']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-04T08:34:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59d480e7-89a0-4116-b3d0-42ee950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:02.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:02.000Z",
|
|
|
|
"first_observed": "2017-10-04T08:34:02Z",
|
|
|
|
"last_observed": "2017-10-04T08:34:02Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59d480e7-89a0-4116-b3d0-42ee950d210f",
|
|
|
|
"ipv4-addr--59d480e7-89a0-4116-b3d0-42ee950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59d480e7-89a0-4116-b3d0-42ee950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59d480e7-89a0-4116-b3d0-42ee950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59d480e7-89a0-4116-b3d0-42ee950d210f",
|
|
|
|
"value": "178.77.75.180"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59d480e7-83a0-409e-81f1-4b79950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:02.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:02.000Z",
|
|
|
|
"pattern": "[url:value = 'http://sancorbr.com.br/uyitfu65uy']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-04T08:34:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59d480e8-3c14-4a35-85d5-43a1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:02.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:02.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'sancorbr.com.br']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-04T08:34:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59d480e8-62f0-4c10-85de-1b2c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:02.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:02.000Z",
|
|
|
|
"first_observed": "2017-10-04T08:34:02Z",
|
|
|
|
"last_observed": "2017-10-04T08:34:02Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59d480e8-62f0-4c10-85de-1b2c950d210f",
|
|
|
|
"ipv4-addr--59d480e8-62f0-4c10-85de-1b2c950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59d480e8-62f0-4c10-85de-1b2c950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59d480e8-62f0-4c10-85de-1b2c950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59d480e8-62f0-4c10-85de-1b2c950d210f",
|
|
|
|
"value": "69.64.57.170"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59d480e8-1668-413b-8bf3-47a3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:02.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:02.000Z",
|
|
|
|
"pattern": "[url:value = 'http://shanta.de/uyitfu65uy']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-04T08:34:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59d480e9-56f0-46b8-a7ac-4a24950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:02.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:02.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'shanta.de']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-04T08:34:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59d480e9-9e9c-444b-8e88-4620950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:02.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:02.000Z",
|
|
|
|
"first_observed": "2017-10-04T08:34:02Z",
|
|
|
|
"last_observed": "2017-10-04T08:34:02Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59d480e9-9e9c-444b-8e88-4620950d210f",
|
|
|
|
"ipv4-addr--59d480e9-9e9c-444b-8e88-4620950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59d480e9-9e9c-444b-8e88-4620950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59d480e9-9e9c-444b-8e88-4620950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59d480e9-9e9c-444b-8e88-4620950d210f",
|
|
|
|
"value": "83.169.1.28"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59d480e9-a7c8-43d7-937e-dbc4950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:02.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:02.000Z",
|
|
|
|
"pattern": "[url:value = 'http://studioslefteris.gr/uyitfu65uy']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-04T08:34:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59d480e9-32c0-4061-aebe-4d57950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:02.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:02.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'studioslefteris.gr']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-04T08:34:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59d480ea-06fc-4040-a126-6e37950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:02.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:02.000Z",
|
|
|
|
"first_observed": "2017-10-04T08:34:02Z",
|
|
|
|
"last_observed": "2017-10-04T08:34:02Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59d480ea-06fc-4040-a126-6e37950d210f",
|
|
|
|
"ipv4-addr--59d480ea-06fc-4040-a126-6e37950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59d480ea-06fc-4040-a126-6e37950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59d480ea-06fc-4040-a126-6e37950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59d480ea-06fc-4040-a126-6e37950d210f",
|
|
|
|
"value": "158.69.151.250"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59d480ea-61c8-463f-9eb8-4d80950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:02.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:02.000Z",
|
|
|
|
"pattern": "[url:value = 'http://yoma888.com/uyitfu65uy']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-04T08:34:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59d480ea-3db0-4c77-b852-4d0e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:02.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:02.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'yoma888.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-04T08:34:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59d480eb-ad34-4677-99f5-dd7d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:02.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:02.000Z",
|
|
|
|
"first_observed": "2017-10-04T08:34:02Z",
|
|
|
|
"last_observed": "2017-10-04T08:34:02Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59d480eb-ad34-4677-99f5-dd7d950d210f",
|
|
|
|
"ipv4-addr--59d480eb-ad34-4677-99f5-dd7d950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59d480eb-ad34-4677-99f5-dd7d950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59d480eb-ad34-4677-99f5-dd7d950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59d480eb-ad34-4677-99f5-dd7d950d210f",
|
|
|
|
"value": "60.199.166.77"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59d49cfa-28e8-4633-bb40-458f02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:02.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:02.000Z",
|
|
|
|
"first_observed": "2017-10-04T08:34:02Z",
|
|
|
|
"last_observed": "2017-10-04T08:34:02Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--59d49cfa-28e8-4633-bb40-458f02de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--59d49cfa-28e8-4633-bb40-458f02de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/d57fbae4df7a967f388644f9abd118c1efe25d7d54e5d78d24355ced9d427f01/analysis/1507105280/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59d486ba-ee54-49db-82ad-475902de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:02.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:02.000Z",
|
|
|
|
"first_observed": "2017-10-04T08:34:02Z",
|
|
|
|
"last_observed": "2017-10-04T08:34:02Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--59d486ba-ee54-49db-82ad-475902de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--59d486ba-ee54-49db-82ad-475902de0b81",
|
|
|
|
"value": "https://www.virustotal.com/file/d57fbae4df7a967f388644f9abd118c1efe25d7d54e5d78d24355ced9d427f01/analysis/1507059034/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59d486ba-e218-4d68-b028-46cb02de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:02.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:02.000Z",
|
|
|
|
"description": "- Xchecked via VT: b75bd60dc3686fe62eb4a4a8372be966",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '68fc9c06dec69b161e940c385dd1b229f4f972b2']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-04T08:34:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59d486ba-5a48-4bb5-a2c5-492902de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-10-04T08:34:02.000Z",
|
|
|
|
"modified": "2017-10-04T08:34:02.000Z",
|
|
|
|
"description": "- Xchecked via VT: b75bd60dc3686fe62eb4a4a8372be966",
|
|
|
|
"pattern": "[file:hashes.SHA256 = 'd57fbae4df7a967f388644f9abd118c1efe25d7d54e5d78d24355ced9d427f01']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-10-04T08:34:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "marking-definition",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
|
|
"definition_type": "tlp",
|
|
|
|
"name": "TLP:WHITE",
|
|
|
|
"definition": {
|
|
|
|
"tlp": "white"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
]
|
|
|
|
}
|