misp-circl-feed/feeds/circl/misp/5a3bc375-9994-4da9-81c8-4ae4950d210f.json

{
"type": "bundle",
"id": "bundle--5a3bc375-9994-4da9-81c8-4ae4950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T09:00:02.000Z",
"modified": "2017-12-22T09:00:02.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "grouping",
"spec_version": "2.1",
"id": "grouping--5a3bc375-9994-4da9-81c8-4ae4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T09:00:02.000Z",
"modified": "2017-12-22T09:00:02.000Z",
"name": "M2M - GlobeImposter \"..doc\" 2017-12-21 : \"Emailing:\n IMG_20171221...\" - \"IMG_20171221_123456789.7z\"",
"context": "suspicious-activity",
"object_refs": [
"indicator--5a3bc375-de0c-47ae-af32-45c5950d210f",
"indicator--5a3bc376-5f9c-4992-a153-4c05950d210f",
"indicator--5a3bc378-8954-4209-bea4-4011950d210f",
"indicator--5a3bc379-ac38-4cbf-9304-45d1950d210f",
"observed-data--5a3bc37a-f64c-4eee-92ba-427e950d210f",
"network-traffic--5a3bc37a-f64c-4eee-92ba-427e950d210f",
"ipv4-addr--5a3bc37a-f64c-4eee-92ba-427e950d210f",
"indicator--5a3bc37b-c260-420e-9178-4b9b950d210f",
"indicator--5a3bc37c-9f38-46de-a8de-4713950d210f",
"observed-data--5a3bc37d-f7dc-4258-b593-41c2950d210f",
"network-traffic--5a3bc37d-f7dc-4258-b593-41c2950d210f",
"ipv4-addr--5a3bc37d-f7dc-4258-b593-41c2950d210f",
"indicator--5a3bc37e-54c0-4d7d-a89f-4089950d210f",
"indicator--5a3bc37f-ea88-4ab1-8811-4af1950d210f",
"observed-data--5a3bc380-b65c-40e8-ad73-41c3950d210f",
"network-traffic--5a3bc380-b65c-40e8-ad73-41c3950d210f",
"ipv4-addr--5a3bc380-b65c-40e8-ad73-41c3950d210f",
"indicator--5a3bc381-5220-4b01-b9b9-4043950d210f",
"indicator--5a3bc382-2fd4-4d3e-a16c-4061950d210f",
"observed-data--5a3bc384-4eb4-46f4-97df-4023950d210f",
"network-traffic--5a3bc384-4eb4-46f4-97df-4023950d210f",
"ipv4-addr--5a3bc384-4eb4-46f4-97df-4023950d210f",
"indicator--5a3bc385-6590-4606-9803-4a12950d210f",
"indicator--5a3bc386-7418-4367-b4ff-455d950d210f",
"observed-data--5a3bc387-a4b4-4062-8b13-4d8d950d210f",
"network-traffic--5a3bc387-a4b4-4062-8b13-4d8d950d210f",
"ipv4-addr--5a3bc387-a4b4-4062-8b13-4d8d950d210f",
"indicator--5a3bc388-c17c-4ba3-a574-4365950d210f",
"indicator--5a3bc389-80a8-4af8-9ed5-4efd950d210f",
"observed-data--5a3bc38a-76b8-4392-825d-48d0950d210f",
"network-traffic--5a3bc38a-76b8-4392-825d-48d0950d210f",
"ipv4-addr--5a3bc38a-76b8-4392-825d-48d0950d210f",
"indicator--5a3bc38b-58c8-4bfd-a772-409f950d210f",
"indicator--5a3bc38d-aed8-4dda-b3bf-4cc3950d210f",
"observed-data--5a3bc38f-50cc-48d5-9ab1-487a950d210f",
"network-traffic--5a3bc38f-50cc-48d5-9ab1-487a950d210f",
"ipv4-addr--5a3bc38f-50cc-48d5-9ab1-487a950d210f",
"indicator--5a3bc390-aa34-4c5f-bc2b-4c76950d210f",
"indicator--5a3bc391-d2f8-4838-a1c0-4443950d210f",
"observed-data--5a3bc393-e048-4eca-adfe-4674950d210f",
"network-traffic--5a3bc393-e048-4eca-adfe-4674950d210f",
"ipv4-addr--5a3bc393-e048-4eca-adfe-4674950d210f",
"indicator--5e0141dd-e62d-46be-8334-e694d79e1948",
"x-misp-object--f43c4029-244c-4480-bd5a-f66813f29880",
"indicator--43c2c13e-5c17-437d-b1e2-1d313df6a66c",
"x-misp-object--07ce48ac-3329-4f1f-8035-67b5c734832f",
"relationship--b4f0a659-7528-43c9-9ce3-02e504deca05",
"relationship--c68de53a-dc89-414b-b2f1-7560c375de4f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3bc375-de0c-47ae-af32-45c5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T14:21:41.000Z",
"modified": "2017-12-21T14:21:41.000Z",
"pattern": "[file:hashes.MD5 = '413a1ee232d056934a5b6fe29d689bed']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T14:21:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3bc376-5f9c-4992-a153-4c05950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-21T14:21:42.000Z",
"modified": "2017-12-21T14:21:42.000Z",
"pattern": "[file:hashes.MD5 = '40b0769ba2e5d575cdd325b81ffd8792']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-21T14:21:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3bc378-8954-4209-bea4-4011950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"pattern": "[url:value = 'http://www.g-v-s.ru/psndhFTwd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-22T08:59:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3bc379-ac38-4cbf-9304-45d1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"pattern": "[domain-name:value = 'www.g-v-s.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-22T08:59:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a3bc37a-f64c-4eee-92ba-427e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"first_observed": "2017-12-22T08:59:45Z",
"last_observed": "2017-12-22T08:59:45Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a3bc37a-f64c-4eee-92ba-427e950d210f",
"ipv4-addr--5a3bc37a-f64c-4eee-92ba-427e950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a3bc37a-f64c-4eee-92ba-427e950d210f",
"dst_ref": "ipv4-addr--5a3bc37a-f64c-4eee-92ba-427e950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a3bc37a-f64c-4eee-92ba-427e950d210f",
"value": "31.31.196.244"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3bc37b-c260-420e-9178-4b9b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"pattern": "[url:value = 'http://www.homody.com/psndhFTwd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-22T08:59:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3bc37c-9f38-46de-a8de-4713950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"pattern": "[domain-name:value = 'www.homody.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-22T08:59:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a3bc37d-f7dc-4258-b593-41c2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"first_observed": "2017-12-22T08:59:45Z",
"last_observed": "2017-12-22T08:59:45Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a3bc37d-f7dc-4258-b593-41c2950d210f",
"ipv4-addr--5a3bc37d-f7dc-4258-b593-41c2950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a3bc37d-f7dc-4258-b593-41c2950d210f",
"dst_ref": "ipv4-addr--5a3bc37d-f7dc-4258-b593-41c2950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a3bc37d-f7dc-4258-b593-41c2950d210f",
"value": "184.154.46.39"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3bc37e-54c0-4d7d-a89f-4089950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"pattern": "[url:value = 'http://www.mcwhorterdesign.com/psndhFTwd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-22T08:59:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3bc37f-ea88-4ab1-8811-4af1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"pattern": "[domain-name:value = 'www.mcwhorterdesign.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-22T08:59:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a3bc380-b65c-40e8-ad73-41c3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"first_observed": "2017-12-22T08:59:45Z",
"last_observed": "2017-12-22T08:59:45Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a3bc380-b65c-40e8-ad73-41c3950d210f",
"ipv4-addr--5a3bc380-b65c-40e8-ad73-41c3950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a3bc380-b65c-40e8-ad73-41c3950d210f",
"dst_ref": "ipv4-addr--5a3bc380-b65c-40e8-ad73-41c3950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a3bc380-b65c-40e8-ad73-41c3950d210f",
"value": "184.168.38.1"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3bc381-5220-4b01-b9b9-4043950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"pattern": "[url:value = 'http://www.seffafkartvizitim.com/psndhFTwd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-22T08:59:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3bc382-2fd4-4d3e-a16c-4061950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"pattern": "[domain-name:value = 'www.seffafkartvizitim.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-22T08:59:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a3bc384-4eb4-46f4-97df-4023950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"first_observed": "2017-12-22T08:59:45Z",
"last_observed": "2017-12-22T08:59:45Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a3bc384-4eb4-46f4-97df-4023950d210f",
"ipv4-addr--5a3bc384-4eb4-46f4-97df-4023950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a3bc384-4eb4-46f4-97df-4023950d210f",
"dst_ref": "ipv4-addr--5a3bc384-4eb4-46f4-97df-4023950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a3bc384-4eb4-46f4-97df-4023950d210f",
"value": "185.111.232.52"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3bc385-6590-4606-9803-4a12950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"pattern": "[url:value = 'http://www.topanswertips.info/psndhFTwd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-22T08:59:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3bc386-7418-4367-b4ff-455d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"pattern": "[domain-name:value = 'www.topanswertips.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-22T08:59:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a3bc387-a4b4-4062-8b13-4d8d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"first_observed": "2017-12-22T08:59:45Z",
"last_observed": "2017-12-22T08:59:45Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a3bc387-a4b4-4062-8b13-4d8d950d210f",
"ipv4-addr--5a3bc387-a4b4-4062-8b13-4d8d950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a3bc387-a4b4-4062-8b13-4d8d950d210f",
"dst_ref": "ipv4-addr--5a3bc387-a4b4-4062-8b13-4d8d950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a3bc387-a4b4-4062-8b13-4d8d950d210f",
"value": "50.62.25.129"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3bc388-c17c-4ba3-a574-4365950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"pattern": "[url:value = 'http://www.tuminsaat.com/psndhFTwd']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-22T08:59:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3bc389-80a8-4af8-9ed5-4efd950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"pattern": "[domain-name:value = 'www.tuminsaat.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-22T08:59:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a3bc38a-76b8-4392-825d-48d0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"first_observed": "2017-12-22T08:59:45Z",
"last_observed": "2017-12-22T08:59:45Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a3bc38a-76b8-4392-825d-48d0950d210f",
"ipv4-addr--5a3bc38a-76b8-4392-825d-48d0950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a3bc38a-76b8-4392-825d-48d0950d210f",
"dst_ref": "ipv4-addr--5a3bc38a-76b8-4392-825d-48d0950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a3bc38a-76b8-4392-825d-48d0950d210f",
"value": "50.62.232.1"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3bc38b-58c8-4bfd-a772-409f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"pattern": "[url:value = 'https://topyzscsu5poprxy.onion.link/shfgealjh.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-22T08:59:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3bc38d-aed8-4dda-b3bf-4cc3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"pattern": "[domain-name:value = 'topyzscsu5poprxy.onion.link']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-22T08:59:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a3bc38f-50cc-48d5-9ab1-487a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"first_observed": "2017-12-22T08:59:45Z",
"last_observed": "2017-12-22T08:59:45Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a3bc38f-50cc-48d5-9ab1-487a950d210f",
"ipv4-addr--5a3bc38f-50cc-48d5-9ab1-487a950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a3bc38f-50cc-48d5-9ab1-487a950d210f",
"dst_ref": "ipv4-addr--5a3bc38f-50cc-48d5-9ab1-487a950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a3bc38f-50cc-48d5-9ab1-487a950d210f",
"value": "103.198.0.2"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3bc390-aa34-4c5f-bc2b-4c76950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"pattern": "[url:value = 'http://psoeiras.net/js/count.php?nu=105&fb=110']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-22T08:59:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a3bc391-d2f8-4838-a1c0-4443950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"pattern": "[domain-name:value = 'psoeiras.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-22T08:59:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a3bc393-e048-4eca-adfe-4674950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:45.000Z",
"modified": "2017-12-22T08:59:45.000Z",
"first_observed": "2017-12-22T08:59:45Z",
"last_observed": "2017-12-22T08:59:45Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a3bc393-e048-4eca-adfe-4674950d210f",
"ipv4-addr--5a3bc393-e048-4eca-adfe-4674950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a3bc393-e048-4eca-adfe-4674950d210f",
"dst_ref": "ipv4-addr--5a3bc393-e048-4eca-adfe-4674950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a3bc393-e048-4eca-adfe-4674950d210f",
"value": "74.220.219.67"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5e0141dd-e62d-46be-8334-e694d79e1948",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:48.000Z",
"modified": "2017-12-22T08:59:48.000Z",
"pattern": "[file:hashes.MD5 = '40b0769ba2e5d575cdd325b81ffd8792' AND file:hashes.SHA1 = '88793e0e6329cbfa02a7f6ad2f80a4d6fa01ff0f' AND file:hashes.SHA256 = '410efb1938ab06cf29acbcd24a3eca81c5d6d0c84778997adad1b5f0ecfb455c']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-22T08:59:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--f43c4029-244c-4480-bd5a-f66813f29880",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:47.000Z",
"modified": "2017-12-22T08:59:47.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/410efb1938ab06cf29acbcd24a3eca81c5d6d0c84778997adad1b5f0ecfb455c/analysis/1513929885/",
"category": "External analysis",
"uuid": "5a3cc983-2004-4ca7-a44a-c5ba02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "36/66",
"category": "Other",
"uuid": "5a3cc983-8b20-4d33-bd68-c5ba02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-22 08:04:45",
"category": "Other",
"uuid": "5a3cc983-7470-40db-98a9-c5ba02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--43c2c13e-5c17-437d-b1e2-1d313df6a66c",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:50.000Z",
"modified": "2017-12-22T08:59:50.000Z",
"pattern": "[file:hashes.MD5 = '413a1ee232d056934a5b6fe29d689bed' AND file:hashes.SHA1 = 'f25c81b44fc15a67240430503753a913c27125dc' AND file:hashes.SHA256 = '66f13fb763cb982fc7fa685f84020ab95a5b1fe64d981ccda827749928704599']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-22T08:59:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--07ce48ac-3329-4f1f-8035-67b5c734832f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-22T08:59:47.000Z",
"modified": "2017-12-22T08:59:47.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/66f13fb763cb982fc7fa685f84020ab95a5b1fe64d981ccda827749928704599/analysis/1513900202/",
"category": "External analysis",
"uuid": "5a3cc983-79a0-4e1a-870b-c5ba02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "32/67",
"category": "Other",
"uuid": "5a3cc983-7aa4-45e4-a33c-c5ba02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2017-12-21 23:50:02",
"category": "Other",
"uuid": "5a3cc983-5240-46b9-b7cb-c5ba02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--b4f0a659-7528-43c9-9ce3-02e504deca05",
"created": "2017-12-22T08:59:47.000Z",
"modified": "2017-12-22T08:59:47.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--5e0141dd-e62d-46be-8334-e694d79e1948",
"target_ref": "x-misp-object--f43c4029-244c-4480-bd5a-f66813f29880"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--c68de53a-dc89-414b-b2f1-7560c375de4f",
"created": "2017-12-22T08:59:48.000Z",
"modified": "2017-12-22T08:59:48.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--43c2c13e-5c17-437d-b1e2-1d313df6a66c",
"target_ref": "x-misp-object--07ce48ac-3329-4f1f-8035-67b5c734832f"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}