adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/5a044feb-cda0-4844-b5f0-2214950d210f.json

1189 lines
47 KiB
JSON
Raw Normal View History

chg: [feed] added
2023-04-21 13:25:09 +00:00
{
chg: [feed] feed updated
2023-06-14 17:31:25 +00:00
"type": "bundle",
"id": "bundle--5a044feb-cda0-4844-b5f0-2214950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:57:57.000Z",
"modified": "2017-11-09T20:57:57.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5a044feb-cda0-4844-b5f0-2214950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:57:57.000Z",
"modified": "2017-11-09T20:57:57.000Z",
"name": "M2M - Locky 2017-11-03 : Affid=3, offline, \".asasin\" : \"Scanned image from MX-2600N\" - \"20171103_123456.doc\"",
"published": "2017-11-09T20:59:17Z",
"object_refs": [
"indicator--5a044fec-f524-41fc-8865-75a9950d210f",
"indicator--5a044fed-6f00-4baa-b022-4cfd950d210f",
"indicator--5a044fed-2e84-4587-a638-4751950d210f",
"observed-data--5a044fed-7894-4890-a0a2-991b950d210f",
"network-traffic--5a044fed-7894-4890-a0a2-991b950d210f",
"ipv4-addr--5a044fed-7894-4890-a0a2-991b950d210f",
"indicator--5a044fed-b0d4-4426-937d-43b4950d210f",
"indicator--5a044fee-a7b0-4069-bf11-cda3950d210f",
"indicator--5a044ff7-7674-4d8c-9596-2214950d210f",
"indicator--5a044ff8-f574-49a0-afe2-4976950d210f",
"observed-data--5a044ff8-d9f8-495b-a11d-4d06950d210f",
"network-traffic--5a044ff8-d9f8-495b-a11d-4d06950d210f",
"ipv4-addr--5a044ff8-d9f8-495b-a11d-4d06950d210f",
"indicator--5a044ff8-9090-4be9-986a-75a9950d210f",
"indicator--5a044ff8-4fd0-4326-908a-4829950d210f",
"indicator--5a044ff9-3154-45cf-9bd2-991b950d210f",
"indicator--5a044ff9-2db4-4df3-8004-4582950d210f",
"observed-data--5a044ff9-f2a0-4dac-b725-717b950d210f",
"network-traffic--5a044ff9-f2a0-4dac-b725-717b950d210f",
"ipv4-addr--5a044ff9-f2a0-4dac-b725-717b950d210f",
"indicator--5a044ffa-f278-4e4a-baec-cda3950d210f",
"indicator--5a044ffa-6388-4155-959f-45d7950d210f",
"observed-data--5a044ffa-21bc-4cbb-9b9e-41eb950d210f",
"network-traffic--5a044ffa-21bc-4cbb-9b9e-41eb950d210f",
"ipv4-addr--5a044ffa-21bc-4cbb-9b9e-41eb950d210f",
"indicator--5a044ffa-8784-424a-9f41-cd7d950d210f",
"indicator--5a044ffa-6a70-4f12-86ee-cdb1950d210f",
"indicator--5a045019-b49c-4ab1-af1e-4bcf950d210f",
"indicator--5a045019-5050-44ec-bbe5-717b950d210f",
"observed-data--5a04501a-67f4-411f-86ae-cda3950d210f",
"network-traffic--5a04501a-67f4-411f-86ae-cda3950d210f",
"ipv4-addr--5a04501a-67f4-411f-86ae-cda3950d210f",
"indicator--5a04501a-1e60-42f3-877a-416e950d210f",
"indicator--5a04501a-f530-4544-8853-42a4950d210f",
"observed-data--5a04501b-6870-42ac-91f8-47bc950d210f",
"network-traffic--5a04501b-6870-42ac-91f8-47bc950d210f",
"ipv4-addr--5a04501b-6870-42ac-91f8-47bc950d210f",
"indicator--5a04501b-9bc0-43f0-a2d2-cd7d950d210f",
"indicator--5a04501b-b5e4-48f9-a097-cdb1950d210f",
"observed-data--5a04501c-5960-4c09-a66b-2214950d210f",
"network-traffic--5a04501c-5960-4c09-a66b-2214950d210f",
"ipv4-addr--5a04501c-5960-4c09-a66b-2214950d210f",
"indicator--5a04501c-9940-4606-ab46-4b38950d210f",
"indicator--5a04501c-af58-4df0-9f87-cdb4950d210f",
"observed-data--5a04501d-2d3c-42b1-a945-cd35950d210f",
"network-traffic--5a04501d-2d3c-42b1-a945-cd35950d210f",
"ipv4-addr--5a04501d-2d3c-42b1-a945-cd35950d210f",
"indicator--5a04501d-fe00-4fcb-bb88-45ff950d210f",
"indicator--5a04501d-9d98-4447-b8d7-cc6f950d210f",
"observed-data--5a04501d-9f10-423d-b00b-75a9950d210f",
"network-traffic--5a04501d-9f10-423d-b00b-75a9950d210f",
"ipv4-addr--5a04501d-9f10-423d-b00b-75a9950d210f",
"indicator--5a04501e-6e10-4c26-9d36-4bfc950d210f",
"indicator--5a04501e-6d70-4cb2-aa7e-cdab950d210f",
"observed-data--5a04501e-e6f8-44ce-96c8-4f95950d210f",
"network-traffic--5a04501e-e6f8-44ce-96c8-4f95950d210f",
"ipv4-addr--5a04501e-e6f8-44ce-96c8-4f95950d210f",
"indicator--5a04501e-8ff0-4078-bc2e-991b950d210f",
"indicator--5a04501f-8b24-490c-861c-48d9950d210f",
"indicator--5a04c147-52f0-4649-a1bc-4c0202de0b81",
"indicator--5a04c147-a0d0-4cd1-aeb0-4e7602de0b81",
"observed-data--5a04c147-2bf4-4e41-afaf-49be02de0b81",
"url--5a04c147-2bf4-4e41-afaf-49be02de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"ecsirt:malicious-code=\"ransomware\"",
"misp-galaxy:ransomware=\"Locky\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044fec-f524-41fc-8865-75a9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:57:42.000Z",
"modified": "2017-11-09T20:57:42.000Z",
"pattern": "[file:hashes.MD5 = '1f608125c16f3396000f6ec9d929d6c9']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:57:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044fed-6f00-4baa-b022-4cfd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:57:42.000Z",
"modified": "2017-11-09T20:57:42.000Z",
"pattern": "[url:value = 'http://336.linux1.testsider.dk/lbMld6sGda']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:57:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044fed-2e84-4587-a638-4751950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:57:42.000Z",
"modified": "2017-11-09T20:57:42.000Z",
"pattern": "[domain-name:value = '336.linux1.testsider.dk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:57:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044fed-7894-4890-a0a2-991b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:57:42.000Z",
"modified": "2017-11-09T20:57:42.000Z",
"first_observed": "2017-11-09T20:57:42Z",
"last_observed": "2017-11-09T20:57:42Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044fed-7894-4890-a0a2-991b950d210f",
"ipv4-addr--5a044fed-7894-4890-a0a2-991b950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044fed-7894-4890-a0a2-991b950d210f",
"dst_ref": "ipv4-addr--5a044fed-7894-4890-a0a2-991b950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044fed-7894-4890-a0a2-991b950d210f",
"value": "77.243.131.16"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044fed-b0d4-4426-937d-43b4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:57:42.000Z",
"modified": "2017-11-09T20:57:42.000Z",
"pattern": "[url:value = 'http://betadesign.es/lbMld6sGda']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:57:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044fee-a7b0-4069-bf11-cda3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:57:42.000Z",
"modified": "2017-11-09T20:57:42.000Z",
"pattern": "[domain-name:value = 'betadesign.es']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:57:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044ff7-7674-4d8c-9596-2214950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:57:42.000Z",
"modified": "2017-11-09T20:57:42.000Z",
"pattern": "[url:value = 'http://comercialarques.es/lbMld6sGda']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:57:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044ff8-f574-49a0-afe2-4976950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:57:42.000Z",
"modified": "2017-11-09T20:57:42.000Z",
"pattern": "[domain-name:value = 'comercialarques.es']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:57:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044ff8-d9f8-495b-a11d-4d06950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:57:42.000Z",
"modified": "2017-11-09T20:57:42.000Z",
"first_observed": "2017-11-09T20:57:42Z",
"last_observed": "2017-11-09T20:57:42Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044ff8-d9f8-495b-a11d-4d06950d210f",
"ipv4-addr--5a044ff8-d9f8-495b-a11d-4d06950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044ff8-d9f8-495b-a11d-4d06950d210f",
"dst_ref": "ipv4-addr--5a044ff8-d9f8-495b-a11d-4d06950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044ff8-d9f8-495b-a11d-4d06950d210f",
"value": "31.47.74.202"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044ff8-9090-4be9-986a-75a9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:57:42.000Z",
"modified": "2017-11-09T20:57:42.000Z",
"pattern": "[url:value = 'http://deltaled.es/lbMld6sGda']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:57:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044ff8-4fd0-4326-908a-4829950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:57:42.000Z",
"modified": "2017-11-09T20:57:42.000Z",
"pattern": "[domain-name:value = 'deltaled.es']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:57:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044ff9-3154-45cf-9bd2-991b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:57:42.000Z",
"modified": "2017-11-09T20:57:42.000Z",
"pattern": "[url:value = 'http://testbxc.u-host.ru/lbMld6sGda']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:57:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044ff9-2db4-4df3-8004-4582950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:57:42.000Z",
"modified": "2017-11-09T20:57:42.000Z",
"pattern": "[domain-name:value = 'testbxc.u-host.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:57:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044ff9-f2a0-4dac-b725-717b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:57:42.000Z",
"modified": "2017-11-09T20:57:42.000Z",
"first_observed": "2017-11-09T20:57:42Z",
"last_observed": "2017-11-09T20:57:42Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044ff9-f2a0-4dac-b725-717b950d210f",
"ipv4-addr--5a044ff9-f2a0-4dac-b725-717b950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044ff9-f2a0-4dac-b725-717b950d210f",
"dst_ref": "ipv4-addr--5a044ff9-f2a0-4dac-b725-717b950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044ff9-f2a0-4dac-b725-717b950d210f",
"value": "212.220.124.233"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044ffa-f278-4e4a-baec-cda3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:57:43.000Z",
"modified": "2017-11-09T20:57:43.000Z",
"pattern": "[url:value = 'http://unbescheiden.net/lbMld6sGda']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:57:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044ffa-6388-4155-959f-45d7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:57:43.000Z",
"modified": "2017-11-09T20:57:43.000Z",
"pattern": "[domain-name:value = 'unbescheiden.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:57:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a044ffa-21bc-4cbb-9b9e-41eb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:57:43.000Z",
"modified": "2017-11-09T20:57:43.000Z",
"first_observed": "2017-11-09T20:57:43Z",
"last_observed": "2017-11-09T20:57:43Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a044ffa-21bc-4cbb-9b9e-41eb950d210f",
"ipv4-addr--5a044ffa-21bc-4cbb-9b9e-41eb950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a044ffa-21bc-4cbb-9b9e-41eb950d210f",
"dst_ref": "ipv4-addr--5a044ffa-21bc-4cbb-9b9e-41eb950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a044ffa-21bc-4cbb-9b9e-41eb950d210f",
"value": "212.223.152.138"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044ffa-8784-424a-9f41-cd7d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:57:43.000Z",
"modified": "2017-11-09T20:57:43.000Z",
"pattern": "[url:value = 'http://watchez.biz/lbMld6sGda']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:57:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a044ffa-6a70-4f12-86ee-cdb1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:57:43.000Z",
"modified": "2017-11-09T20:57:43.000Z",
"pattern": "[domain-name:value = 'watchez.biz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:57:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a045019-b49c-4ab1-af1e-4bcf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:57:43.000Z",
"modified": "2017-11-09T20:57:43.000Z",
"pattern": "[url:value = 'http://pabxconsultants.co.za/dhYtebv3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:57:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a045019-5050-44ec-bbe5-717b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:57:43.000Z",
"modified": "2017-11-09T20:57:43.000Z",
"pattern": "[domain-name:value = 'pabxconsultants.co.za']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:57:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a04501a-67f4-411f-86ae-cda3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:57:43.000Z",
"modified": "2017-11-09T20:57:43.000Z",
"first_observed": "2017-11-09T20:57:43Z",
"last_observed": "2017-11-09T20:57:43Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a04501a-67f4-411f-86ae-cda3950d210f",
"ipv4-addr--5a04501a-67f4-411f-86ae-cda3950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a04501a-67f4-411f-86ae-cda3950d210f",
"dst_ref": "ipv4-addr--5a04501a-67f4-411f-86ae-cda3950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a04501a-67f4-411f-86ae-cda3950d210f",
"value": "41.72.154.151"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a04501a-1e60-42f3-877a-416e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:57:43.000Z",
"modified": "2017-11-09T20:57:43.000Z",
"pattern": "[url:value = 'http://san-syo.co.jp/dhYtebv3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:57:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a04501a-f530-4544-8853-42a4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:57:43.000Z",
"modified": "2017-11-09T20:57:43.000Z",
"pattern": "[domain-name:value = 'san-syo.co.jp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:57:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a04501b-6870-42ac-91f8-47bc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:57:43.000Z",
"modified": "2017-11-09T20:57:43.000Z",
"first_observed": "2017-11-09T20:57:43Z",
"last_observed": "2017-11-09T20:57:43Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a04501b-6870-42ac-91f8-47bc950d210f",
"ipv4-addr--5a04501b-6870-42ac-91f8-47bc950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a04501b-6870-42ac-91f8-47bc950d210f",
"dst_ref": "ipv4-addr--5a04501b-6870-42ac-91f8-47bc950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a04501b-6870-42ac-91f8-47bc950d210f",
"value": "219.94.169.237"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a04501b-9bc0-43f0-a2d2-cd7d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:57:43.000Z",
"modified": "2017-11-09T20:57:43.000Z",
"pattern": "[url:value = 'http://saranville.com/dhYtebv3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:57:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a04501b-b5e4-48f9-a097-cdb1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:57:43.000Z",
"modified": "2017-11-09T20:57:43.000Z",
"pattern": "[domain-name:value = 'saranville.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:57:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a04501c-5960-4c09-a66b-2214950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:57:43.000Z",
"modified": "2017-11-09T20:57:43.000Z",
"first_observed": "2017-11-09T20:57:43Z",
"last_observed": "2017-11-09T20:57:43Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a04501c-5960-4c09-a66b-2214950d210f",
"ipv4-addr--5a04501c-5960-4c09-a66b-2214950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a04501c-5960-4c09-a66b-2214950d210f",
"dst_ref": "ipv4-addr--5a04501c-5960-4c09-a66b-2214950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a04501c-5960-4c09-a66b-2214950d210f",
"value": "27.254.148.14"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a04501c-9940-4606-ab46-4b38950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:57:43.000Z",
"modified": "2017-11-09T20:57:43.000Z",
"pattern": "[url:value = 'http://pwmsteel.com/dhYtebv3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:57:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a04501c-af58-4df0-9f87-cdb4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:57:43.000Z",
"modified": "2017-11-09T20:57:43.000Z",
"pattern": "[domain-name:value = 'pwmsteel.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:57:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a04501d-2d3c-42b1-a945-cd35950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:57:43.000Z",
"modified": "2017-11-09T20:57:43.000Z",
"first_observed": "2017-11-09T20:57:43Z",
"last_observed": "2017-11-09T20:57:43Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a04501d-2d3c-42b1-a945-cd35950d210f",
"ipv4-addr--5a04501d-2d3c-42b1-a945-cd35950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a04501d-2d3c-42b1-a945-cd35950d210f",
"dst_ref": "ipv4-addr--5a04501d-2d3c-42b1-a945-cd35950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a04501d-2d3c-42b1-a945-cd35950d210f",
"value": "50.21.229.37"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a04501d-fe00-4fcb-bb88-45ff950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:57:43.000Z",
"modified": "2017-11-09T20:57:43.000Z",
"pattern": "[url:value = 'http://visualindesign.be/dhYtebv3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:57:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a04501d-9d98-4447-b8d7-cc6f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:57:43.000Z",
"modified": "2017-11-09T20:57:43.000Z",
"pattern": "[domain-name:value = 'visualindesign.be']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:57:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a04501d-9f10-423d-b00b-75a9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:57:43.000Z",
"modified": "2017-11-09T20:57:43.000Z",
"first_observed": "2017-11-09T20:57:43Z",
"last_observed": "2017-11-09T20:57:43Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a04501d-9f10-423d-b00b-75a9950d210f",
"ipv4-addr--5a04501d-9f10-423d-b00b-75a9950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a04501d-9f10-423d-b00b-75a9950d210f",
"dst_ref": "ipv4-addr--5a04501d-9f10-423d-b00b-75a9950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a04501d-9f10-423d-b00b-75a9950d210f",
"value": "5.135.178.149"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a04501e-6e10-4c26-9d36-4bfc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:57:43.000Z",
"modified": "2017-11-09T20:57:43.000Z",
"pattern": "[url:value = 'http://twonkygames.com/dhYtebv3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:57:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a04501e-6d70-4cb2-aa7e-cdab950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:57:43.000Z",
"modified": "2017-11-09T20:57:43.000Z",
"pattern": "[domain-name:value = 'twonkygames.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:57:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a04501e-e6f8-44ce-96c8-4f95950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:57:43.000Z",
"modified": "2017-11-09T20:57:43.000Z",
"first_observed": "2017-11-09T20:57:43Z",
"last_observed": "2017-11-09T20:57:43Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a04501e-e6f8-44ce-96c8-4f95950d210f",
"ipv4-addr--5a04501e-e6f8-44ce-96c8-4f95950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a04501e-e6f8-44ce-96c8-4f95950d210f",
"dst_ref": "ipv4-addr--5a04501e-e6f8-44ce-96c8-4f95950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a04501e-e6f8-44ce-96c8-4f95950d210f",
"value": "85.25.242.138"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a04501e-8ff0-4078-bc2e-991b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:57:43.000Z",
"modified": "2017-11-09T20:57:43.000Z",
"pattern": "[url:value = 'http://evengrollighromsof.net/p66/dhYtebv3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:57:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a04501f-8b24-490c-861c-48d9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:57:43.000Z",
"modified": "2017-11-09T20:57:43.000Z",
"pattern": "[domain-name:value = 'evengrollighromsof.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:57:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a04c147-52f0-4649-a1bc-4c0202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:57:43.000Z",
"modified": "2017-11-09T20:57:43.000Z",
"description": "- Xchecked via VT: 1f608125c16f3396000f6ec9d929d6c9",
"pattern": "[file:hashes.SHA256 = '73e8748f6a3a584a41ebc691083f060ff6fd030729415e5f12a6e8b0294990d0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:57:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a04c147-a0d0-4cd1-aeb0-4e7602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:57:43.000Z",
"modified": "2017-11-09T20:57:43.000Z",
"description": "- Xchecked via VT: 1f608125c16f3396000f6ec9d929d6c9",
"pattern": "[file:hashes.SHA1 = '1fd9f901ab7f51a542e455b51e6442040d3fa39c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-09T20:57:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a04c147-2bf4-4e41-afaf-49be02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-09T20:57:43.000Z",
"modified": "2017-11-09T20:57:43.000Z",
"first_observed": "2017-11-09T20:57:43Z",
"last_observed": "2017-11-09T20:57:43Z",
"number_observed": 1,
"object_refs": [
"url--5a04c147-2bf4-4e41-afaf-49be02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a04c147-2bf4-4e41-afaf-49be02de0b81",
"value": "https://www.virustotal.com/file/73e8748f6a3a584a41ebc691083f060ff6fd030729415e5f12a6e8b0294990d0/analysis/1510056897/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
]
}
Reference in a new issue Copy permalink