adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/misp/5a05d1d7-5710-44c0-869f-4a52950d210f.json

997 lines
40 KiB
JSON
Raw Normal View History

chg: [feed] added
2023-04-21 13:25:09 +00:00
{
chg: [feed] feed updated
2023-06-14 17:31:25 +00:00
"type": "bundle",
"id": "bundle--5a05d1d7-5710-44c0-869f-4a52950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-11T09:24:38.000Z",
"modified": "2017-11-11T09:24:38.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5a05d1d7-5710-44c0-869f-4a52950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-11T09:24:38.000Z",
"modified": "2017-11-11T09:24:38.000Z",
"name": "M2M - Locky 2017-11-09 : Affid=3, offline, \".asasin\" : \"Documents\" - \"ABY001234.doc\"",
"published": "2017-11-13T07:36:06Z",
"object_refs": [
"indicator--5a05d1d8-8e44-43d0-a1df-401a950d210f",
"indicator--5a05d1d9-1848-4c8d-b015-41a9950d210f",
"indicator--5a05d1d9-9288-4392-9409-4ed2950d210f",
"observed-data--5a05d1d9-b514-40d0-b9d8-4cb2950d210f",
"network-traffic--5a05d1d9-b514-40d0-b9d8-4cb2950d210f",
"ipv4-addr--5a05d1d9-b514-40d0-b9d8-4cb2950d210f",
"indicator--5a05d1d9-e514-49da-8321-4978950d210f",
"indicator--5a05d1da-1468-45f2-99c6-4f76950d210f",
"observed-data--5a05d1da-2248-4d1d-9872-418c950d210f",
"network-traffic--5a05d1da-2248-4d1d-9872-418c950d210f",
"ipv4-addr--5a05d1da-2248-4d1d-9872-418c950d210f",
"indicator--5a05d1da-5fd4-4816-b70a-440d950d210f",
"indicator--5a05d1da-bc80-4bcd-8033-4312950d210f",
"observed-data--5a05d1da-a830-44ba-8f5c-486d950d210f",
"network-traffic--5a05d1da-a830-44ba-8f5c-486d950d210f",
"ipv4-addr--5a05d1da-a830-44ba-8f5c-486d950d210f",
"indicator--5a05d1db-afa4-4a2f-b5bf-4d70950d210f",
"indicator--5a05d1db-d7f4-4733-ad6f-4541950d210f",
"observed-data--5a05d1db-3ab4-4412-937f-44ff950d210f",
"network-traffic--5a05d1db-3ab4-4412-937f-44ff950d210f",
"ipv4-addr--5a05d1db-3ab4-4412-937f-44ff950d210f",
"indicator--5a05d1db-7300-4976-b97b-4e5a950d210f",
"indicator--5a05d1db-db54-417e-9bce-426d950d210f",
"observed-data--5a05d1dc-af4c-40ca-9ae1-42dc950d210f",
"network-traffic--5a05d1dc-af4c-40ca-9ae1-42dc950d210f",
"ipv4-addr--5a05d1dc-af4c-40ca-9ae1-42dc950d210f",
"indicator--5a05d1dc-c900-4364-a0ce-4216950d210f",
"indicator--5a05d1dc-a534-428f-9e6f-4c75950d210f",
"observed-data--5a05d1dd-5450-4bf5-9c10-4cae950d210f",
"network-traffic--5a05d1dd-5450-4bf5-9c10-4cae950d210f",
"ipv4-addr--5a05d1dd-5450-4bf5-9c10-4cae950d210f",
"indicator--5a05d1de-e7a0-4ca5-bc42-40e9950d210f",
"indicator--5a05d1de-4700-45aa-b2aa-4a85950d210f",
"observed-data--5a05d1df-3048-462e-a124-4179950d210f",
"network-traffic--5a05d1df-3048-462e-a124-4179950d210f",
"ipv4-addr--5a05d1df-3048-462e-a124-4179950d210f",
"indicator--5a05d1df-5be8-4b1c-bdad-43e7950d210f",
"indicator--5a05d1df-91cc-452f-ac9b-4fa1950d210f",
"observed-data--5a05d1df-48f8-4264-ba87-4b42950d210f",
"network-traffic--5a05d1df-48f8-4264-ba87-4b42950d210f",
"ipv4-addr--5a05d1df-48f8-4264-ba87-4b42950d210f",
"indicator--5a05d1df-96b0-4a41-8b65-4b7f950d210f",
"indicator--5a05d1e0-a330-412f-8735-49f0950d210f",
"observed-data--5a05d1e0-c3e8-4f7f-9da4-43df950d210f",
"network-traffic--5a05d1e0-c3e8-4f7f-9da4-43df950d210f",
"ipv4-addr--5a05d1e0-c3e8-4f7f-9da4-43df950d210f",
"indicator--5a05d1e0-a154-4155-bc30-4527950d210f",
"indicator--5a05d1e0-9844-41ae-be5b-463c950d210f",
"observed-data--5a05d1e0-c49c-4af4-b577-4bec950d210f",
"network-traffic--5a05d1e0-c49c-4af4-b577-4bec950d210f",
"ipv4-addr--5a05d1e0-c49c-4af4-b577-4bec950d210f",
"indicator--5a06bf4c-fec8-4a12-bbc8-44ba02de0b81",
"indicator--5a06bf4c-d7dc-4c01-aec0-4e2d02de0b81",
"observed-data--5a06bf4c-e650-4a59-a072-421002de0b81",
"url--5a06bf4c-e650-4a59-a072-421002de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"ecsirt:malicious-code=\"ransomware\"",
"misp-galaxy:ransomware=\"Locky\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a05d1d8-8e44-43d0-a1df-401a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-11T09:13:47.000Z",
"modified": "2017-11-11T09:13:47.000Z",
"pattern": "[file:hashes.MD5 = '64d55acb693c58656eb3004b595d782c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-11T09:13:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a05d1d9-1848-4c8d-b015-41a9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-11T09:13:47.000Z",
"modified": "2017-11-11T09:13:47.000Z",
"pattern": "[url:value = 'http://hofgrund.de/505']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-11T09:13:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a05d1d9-9288-4392-9409-4ed2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-11T09:13:47.000Z",
"modified": "2017-11-11T09:13:47.000Z",
"pattern": "[domain-name:value = 'hofgrund.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-11T09:13:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a05d1d9-b514-40d0-b9d8-4cb2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-11T09:13:47.000Z",
"modified": "2017-11-11T09:13:47.000Z",
"first_observed": "2017-11-11T09:13:47Z",
"last_observed": "2017-11-11T09:13:47Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a05d1d9-b514-40d0-b9d8-4cb2950d210f",
"ipv4-addr--5a05d1d9-b514-40d0-b9d8-4cb2950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a05d1d9-b514-40d0-b9d8-4cb2950d210f",
"dst_ref": "ipv4-addr--5a05d1d9-b514-40d0-b9d8-4cb2950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a05d1d9-b514-40d0-b9d8-4cb2950d210f",
"value": "78.111.75.239"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a05d1d9-e514-49da-8321-4978950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-11T09:13:47.000Z",
"modified": "2017-11-11T09:13:47.000Z",
"pattern": "[url:value = 'http://holidays-auction.com/505']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-11T09:13:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a05d1da-1468-45f2-99c6-4f76950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-11T09:13:47.000Z",
"modified": "2017-11-11T09:13:47.000Z",
"pattern": "[domain-name:value = 'holidays-auction.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-11T09:13:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a05d1da-2248-4d1d-9872-418c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-11T09:13:47.000Z",
"modified": "2017-11-11T09:13:47.000Z",
"first_observed": "2017-11-11T09:13:47Z",
"last_observed": "2017-11-11T09:13:47Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a05d1da-2248-4d1d-9872-418c950d210f",
"ipv4-addr--5a05d1da-2248-4d1d-9872-418c950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a05d1da-2248-4d1d-9872-418c950d210f",
"dst_ref": "ipv4-addr--5a05d1da-2248-4d1d-9872-418c950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a05d1da-2248-4d1d-9872-418c950d210f",
"value": "82.165.139.233"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a05d1da-5fd4-4816-b70a-440d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-11T09:13:47.000Z",
"modified": "2017-11-11T09:13:47.000Z",
"pattern": "[url:value = 'http://horoskoperstellung.com/505']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-11T09:13:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a05d1da-bc80-4bcd-8033-4312950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-11T09:13:47.000Z",
"modified": "2017-11-11T09:13:47.000Z",
"pattern": "[domain-name:value = 'horoskoperstellung.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-11T09:13:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a05d1da-a830-44ba-8f5c-486d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-11T09:13:47.000Z",
"modified": "2017-11-11T09:13:47.000Z",
"first_observed": "2017-11-11T09:13:47Z",
"last_observed": "2017-11-11T09:13:47Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a05d1da-a830-44ba-8f5c-486d950d210f",
"ipv4-addr--5a05d1da-a830-44ba-8f5c-486d950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a05d1da-a830-44ba-8f5c-486d950d210f",
"dst_ref": "ipv4-addr--5a05d1da-a830-44ba-8f5c-486d950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a05d1da-a830-44ba-8f5c-486d950d210f",
"value": "213.203.202.31"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a05d1db-afa4-4a2f-b5bf-4d70950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-11T09:13:48.000Z",
"modified": "2017-11-11T09:13:48.000Z",
"pattern": "[url:value = 'http://jw-portal.hosting-jw.de/505']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-11T09:13:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a05d1db-d7f4-4733-ad6f-4541950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-11T09:13:48.000Z",
"modified": "2017-11-11T09:13:48.000Z",
"pattern": "[domain-name:value = 'jw-portal.hosting-jw.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-11T09:13:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a05d1db-3ab4-4412-937f-44ff950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-11T09:13:48.000Z",
"modified": "2017-11-11T09:13:48.000Z",
"first_observed": "2017-11-11T09:13:48Z",
"last_observed": "2017-11-11T09:13:48Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a05d1db-3ab4-4412-937f-44ff950d210f",
"ipv4-addr--5a05d1db-3ab4-4412-937f-44ff950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a05d1db-3ab4-4412-937f-44ff950d210f",
"dst_ref": "ipv4-addr--5a05d1db-3ab4-4412-937f-44ff950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a05d1db-3ab4-4412-937f-44ff950d210f",
"value": "85.214.130.145"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a05d1db-7300-4976-b97b-4e5a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-11T09:13:48.000Z",
"modified": "2017-11-11T09:13:48.000Z",
"pattern": "[url:value = 'http://maydakookt.indepenmedia.nl/505']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-11T09:13:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a05d1db-db54-417e-9bce-426d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-11T09:13:48.000Z",
"modified": "2017-11-11T09:13:48.000Z",
"pattern": "[domain-name:value = 'maydakookt.indepenmedia.nl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-11T09:13:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a05d1dc-af4c-40ca-9ae1-42dc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-11T09:13:48.000Z",
"modified": "2017-11-11T09:13:48.000Z",
"first_observed": "2017-11-11T09:13:48Z",
"last_observed": "2017-11-11T09:13:48Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a05d1dc-af4c-40ca-9ae1-42dc950d210f",
"ipv4-addr--5a05d1dc-af4c-40ca-9ae1-42dc950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a05d1dc-af4c-40ca-9ae1-42dc950d210f",
"dst_ref": "ipv4-addr--5a05d1dc-af4c-40ca-9ae1-42dc950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a05d1dc-af4c-40ca-9ae1-42dc950d210f",
"value": "85.17.156.101"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a05d1dc-c900-4364-a0ce-4216950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-11T09:13:48.000Z",
"modified": "2017-11-11T09:13:48.000Z",
"pattern": "[url:value = 'http://with-hair.co.jp/505']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-11T09:13:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a05d1dc-a534-428f-9e6f-4c75950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-11T09:13:48.000Z",
"modified": "2017-11-11T09:13:48.000Z",
"pattern": "[domain-name:value = 'with-hair.co.jp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-11T09:13:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a05d1dd-5450-4bf5-9c10-4cae950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-11T09:13:48.000Z",
"modified": "2017-11-11T09:13:48.000Z",
"first_observed": "2017-11-11T09:13:48Z",
"last_observed": "2017-11-11T09:13:48Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a05d1dd-5450-4bf5-9c10-4cae950d210f",
"ipv4-addr--5a05d1dd-5450-4bf5-9c10-4cae950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a05d1dd-5450-4bf5-9c10-4cae950d210f",
"dst_ref": "ipv4-addr--5a05d1dd-5450-4bf5-9c10-4cae950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a05d1dd-5450-4bf5-9c10-4cae950d210f",
"value": "27.85.233.43"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a05d1de-e7a0-4ca5-bc42-40e9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-11T09:13:48.000Z",
"modified": "2017-11-11T09:13:48.000Z",
"pattern": "[url:value = 'http://primeassociatesinc.com/kjgjhdg4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-11T09:13:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a05d1de-4700-45aa-b2aa-4a85950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-11T09:13:48.000Z",
"modified": "2017-11-11T09:13:48.000Z",
"pattern": "[domain-name:value = 'primeassociatesinc.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-11T09:13:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a05d1df-3048-462e-a124-4179950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-11T09:13:48.000Z",
"modified": "2017-11-11T09:13:48.000Z",
"first_observed": "2017-11-11T09:13:48Z",
"last_observed": "2017-11-11T09:13:48Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a05d1df-3048-462e-a124-4179950d210f",
"ipv4-addr--5a05d1df-3048-462e-a124-4179950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a05d1df-3048-462e-a124-4179950d210f",
"dst_ref": "ipv4-addr--5a05d1df-3048-462e-a124-4179950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a05d1df-3048-462e-a124-4179950d210f",
"value": "209.54.51.32"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a05d1df-5be8-4b1c-bdad-43e7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-11T09:13:48.000Z",
"modified": "2017-11-11T09:13:48.000Z",
"pattern": "[url:value = 'http://336.linux1.testsider.dk/kjgjhdg4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-11T09:13:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a05d1df-91cc-452f-ac9b-4fa1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-11T09:13:48.000Z",
"modified": "2017-11-11T09:13:48.000Z",
"pattern": "[domain-name:value = '336.linux1.testsider.dk']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-11T09:13:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a05d1df-48f8-4264-ba87-4b42950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-11T09:13:48.000Z",
"modified": "2017-11-11T09:13:48.000Z",
"first_observed": "2017-11-11T09:13:48Z",
"last_observed": "2017-11-11T09:13:48Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a05d1df-48f8-4264-ba87-4b42950d210f",
"ipv4-addr--5a05d1df-48f8-4264-ba87-4b42950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a05d1df-48f8-4264-ba87-4b42950d210f",
"dst_ref": "ipv4-addr--5a05d1df-48f8-4264-ba87-4b42950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a05d1df-48f8-4264-ba87-4b42950d210f",
"value": "77.243.131.16"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a05d1df-96b0-4a41-8b65-4b7f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-11T09:13:48.000Z",
"modified": "2017-11-11T09:13:48.000Z",
"pattern": "[url:value = 'http://vallei-elektrotechniek.nl/kjgjhdg4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-11T09:13:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a05d1e0-a330-412f-8735-49f0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-11T09:13:48.000Z",
"modified": "2017-11-11T09:13:48.000Z",
"pattern": "[domain-name:value = 'vallei-elektrotechniek.nl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-11T09:13:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a05d1e0-c3e8-4f7f-9da4-43df950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-11T09:13:48.000Z",
"modified": "2017-11-11T09:13:48.000Z",
"first_observed": "2017-11-11T09:13:48Z",
"last_observed": "2017-11-11T09:13:48Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a05d1e0-c3e8-4f7f-9da4-43df950d210f",
"ipv4-addr--5a05d1e0-c3e8-4f7f-9da4-43df950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a05d1e0-c3e8-4f7f-9da4-43df950d210f",
"dst_ref": "ipv4-addr--5a05d1e0-c3e8-4f7f-9da4-43df950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a05d1e0-c3e8-4f7f-9da4-43df950d210f",
"value": "149.210.137.37"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a05d1e0-a154-4155-bc30-4527950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-11T09:13:48.000Z",
"modified": "2017-11-11T09:13:48.000Z",
"pattern": "[url:value = 'http://testbxc.u-host.ru/kjgjhdg4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-11T09:13:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a05d1e0-9844-41ae-be5b-463c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-11T09:13:48.000Z",
"modified": "2017-11-11T09:13:48.000Z",
"pattern": "[domain-name:value = 'testbxc.u-host.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-11T09:13:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a05d1e0-c49c-4af4-b577-4bec950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-11T09:13:48.000Z",
"modified": "2017-11-11T09:13:48.000Z",
"first_observed": "2017-11-11T09:13:48Z",
"last_observed": "2017-11-11T09:13:48Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a05d1e0-c49c-4af4-b577-4bec950d210f",
"ipv4-addr--5a05d1e0-c49c-4af4-b577-4bec950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a05d1e0-c49c-4af4-b577-4bec950d210f",
"dst_ref": "ipv4-addr--5a05d1e0-c49c-4af4-b577-4bec950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a05d1e0-c49c-4af4-b577-4bec950d210f",
"value": "212.220.124.233"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a06bf4c-fec8-4a12-bbc8-44ba02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-11T09:13:48.000Z",
"modified": "2017-11-11T09:13:48.000Z",
"description": "- Xchecked via VT: 64d55acb693c58656eb3004b595d782c",
"pattern": "[file:hashes.SHA256 = 'e37ffad79863d12a3b62190d653d8e4d7f0b88c261d83e85639699829db06f51']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-11T09:13:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a06bf4c-d7dc-4c01-aec0-4e2d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-11T09:13:48.000Z",
"modified": "2017-11-11T09:13:48.000Z",
"description": "- Xchecked via VT: 64d55acb693c58656eb3004b595d782c",
"pattern": "[file:hashes.SHA1 = '742e7976bafb4e9f437dd30d0faa48a8a4671ab5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-11-11T09:13:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a06bf4c-e650-4a59-a072-421002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-11-11T09:13:48.000Z",
"modified": "2017-11-11T09:13:48.000Z",
"first_observed": "2017-11-11T09:13:48Z",
"last_observed": "2017-11-11T09:13:48Z",
"number_observed": 1,
"object_refs": [
"url--5a06bf4c-e650-4a59-a072-421002de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a06bf4c-e650-4a59-a072-421002de0b81",
"value": "https://www.virustotal.com/file/e37ffad79863d12a3b62190d653d8e4d7f0b88c261d83e85639699829db06f51/analysis/1510323832/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
chg: [feed] added
2023-04-21 13:25:09 +00:00
]
}
Reference in a new issue Copy permalink