{
"type": "bundle",
|
|
|
|
"id": "bundle--5bec8d43-b990-4129-a9f4-45d08064ab0b",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2021-05-24T09:59:33.000Z",
|
|
|
|
"modified": "2021-05-24T09:59:33.000Z",
|
|
|
|
"name": "citizenlab",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--5bec8d43-b990-4129-a9f4-45d08064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2021-05-24T09:59:33.000Z",
|
|
|
|
"modified": "2021-05-24T09:59:33.000Z",
|
|
|
|
"name": "MISSING LINK: Tibetan Groups Targeted with Mobile Exploits",
|
|
|
|
"published": "2021-05-26T12:21:53Z",
|
|
|
|
"object_refs": [
|
|
|
|
"indicator--5d76dfaf-574c-4253-b1f1-67578064ab0b",
|
|
|
|
"x-misp-attribute--5d76c9b2-8b24-4fb2-8ff3-61dc8064ab0b",
|
|
|
|
"x-misp-attribute--5d76c9b2-5654-4b42-a28f-61dc8064ab0b",
|
|
|
|
"indicator--5d76c70f-df94-4cd0-b977-4cea8064ab0b",
|
|
|
|
"indicator--5d76c98c-95a0-4186-9d08-61de8064ab0b",
|
|
|
|
"indicator--5d76c98c-be94-4716-9cc3-61de8064ab0b",
|
|
|
|
"indicator--5d76c98c-0998-4c3d-94fa-61de8064ab0b",
|
|
|
|
"indicator--5d76c98c-77cc-4a32-b989-61de8064ab0b",
|
|
|
|
"indicator--5d76c98c-a620-4e86-969b-61de8064ab0b",
|
|
|
|
"indicator--5d76c98c-8960-4e6c-be1c-61de8064ab0b",
|
|
|
|
"indicator--5d76c98c-52b4-4bb9-b61b-61de8064ab0b",
|
|
|
|
"indicator--5d76c98c-1b78-4933-98f8-61de8064ab0b",
|
|
|
|
"indicator--5d76c98c-3358-4897-a52b-61de8064ab0b",
|
|
|
|
"indicator--5d76c98c-6be4-4b4a-9a37-61de8064ab0b",
|
|
|
|
"indicator--5d76c98c-0cb4-4be5-b3d6-61de8064ab0b",
|
|
|
|
"indicator--5d76c98c-f230-436d-a69f-61de8064ab0b",
|
|
|
|
"indicator--5bec8d6d-71e0-40b6-add8-171c8064ab0b",
|
|
|
|
"indicator--5bec8d6d-6cc8-4aef-b8c9-171c8064ab0b",
|
|
|
|
"indicator--5d76c7a0-2dac-4e65-a0ca-67208064ab0b",
|
|
|
|
"indicator--5d76c7a0-3c28-4110-aa88-67208064ab0b",
|
|
|
|
"indicator--5d76cc33-7aac-4eb8-a1be-66c48064ab0b",
|
|
|
|
"indicator--5d76cf56-94f8-4a16-84d5-67af8064ab0b",
|
|
|
|
"indicator--5d76d19b-0704-42fa-95c5-61df8064ab0b",
|
|
|
|
"indicator--5d76d6f2-f44c-4b21-ba2d-67578064ab0b",
|
|
|
|
"indicator--5d76dae6-bdc4-4cca-8161-61de8064ab0b",
|
|
|
|
"indicator--5d76dcf6-f094-47a0-8fd4-4cea8064ab0b",
|
|
|
|
"indicator--5d76de15-2544-4f39-baed-61db8064ab0b",
|
|
|
|
"indicator--5bec8d7b-b658-4050-8b3c-45cc8064ab0b",
|
|
|
|
"indicator--5bed8343-d968-4c72-a106-2b328064ab0b",
|
|
|
|
"indicator--5bed84bf-8710-4cba-b9eb-05688064ab0b",
|
|
|
|
"observed-data--5d76c6d3-b878-442a-b476-61de8064ab0b",
|
|
|
|
"url--5d76c6d3-b878-442a-b476-61de8064ab0b",
|
|
|
|
"observed-data--5d76c6d3-b644-45e2-a9d7-61de8064ab0b",
|
|
|
|
"url--5d76c6d3-b644-45e2-a9d7-61de8064ab0b",
|
|
|
|
"observed-data--5d76c6d3-14c4-4b77-85be-61de8064ab0b",
|
|
|
|
"url--5d76c6d3-14c4-4b77-85be-61de8064ab0b",
|
|
|
|
"observed-data--5d76c6d3-f8f0-4399-a2ae-61de8064ab0b",
|
|
|
|
"url--5d76c6d3-f8f0-4399-a2ae-61de8064ab0b",
|
|
|
|
"observed-data--5d76c6d3-a174-4130-a62c-61de8064ab0b",
|
|
|
|
"url--5d76c6d3-a174-4130-a62c-61de8064ab0b",
|
|
|
|
"observed-data--5d76c6d3-ce00-497f-9284-61de8064ab0b",
|
|
|
|
"url--5d76c6d3-ce00-497f-9284-61de8064ab0b",
|
|
|
|
"observed-data--5d76c6d3-1708-4847-8b18-61de8064ab0b",
|
|
|
|
"url--5d76c6d3-1708-4847-8b18-61de8064ab0b",
|
|
|
|
"observed-data--5d76c6d3-bb64-4b8d-b773-61de8064ab0b",
|
|
|
|
"url--5d76c6d3-bb64-4b8d-b773-61de8064ab0b",
|
|
|
|
"observed-data--5d76c6d3-d218-49a3-96f3-61de8064ab0b",
|
|
|
|
"url--5d76c6d3-d218-49a3-96f3-61de8064ab0b",
|
|
|
|
"observed-data--5d76c6d3-0658-494c-afb4-61de8064ab0b",
|
|
|
|
"url--5d76c6d3-0658-494c-afb4-61de8064ab0b",
|
|
|
|
"observed-data--5d76c6d3-8624-44df-8338-61de8064ab0b",
|
|
|
|
"url--5d76c6d3-8624-44df-8338-61de8064ab0b",
|
|
|
|
"observed-data--5d76c6d3-1170-4f0e-ade3-61de8064ab0b",
|
|
|
|
"url--5d76c6d3-1170-4f0e-ade3-61de8064ab0b",
|
|
|
|
"observed-data--5d76c6d3-578c-4a96-88fe-61de8064ab0b",
|
|
|
|
"url--5d76c6d3-578c-4a96-88fe-61de8064ab0b",
|
|
|
|
"observed-data--5d76c6d3-7058-403d-a9b1-61de8064ab0b",
|
|
|
|
"url--5d76c6d3-7058-403d-a9b1-61de8064ab0b",
|
|
|
|
"observed-data--5d76c6d3-5824-4b00-8dda-61de8064ab0b",
|
|
|
|
"url--5d76c6d3-5824-4b00-8dda-61de8064ab0b",
|
|
|
|
"observed-data--5d76c6d3-b8ec-438c-8161-61de8064ab0b",
|
|
|
|
"url--5d76c6d3-b8ec-438c-8161-61de8064ab0b",
|
|
|
|
"observed-data--5d76c6d3-a530-4671-8fab-61de8064ab0b",
|
|
|
|
"url--5d76c6d3-a530-4671-8fab-61de8064ab0b",
|
|
|
|
"observed-data--5d76c6d3-bd08-4528-9fab-61de8064ab0b",
|
|
|
|
"url--5d76c6d3-bd08-4528-9fab-61de8064ab0b",
|
|
|
|
"observed-data--5d76c6d3-936c-411b-a0c9-61de8064ab0b",
|
|
|
|
"url--5d76c6d3-936c-411b-a0c9-61de8064ab0b",
|
|
|
|
"observed-data--5d76c6d3-2f9c-40b2-8cd5-61de8064ab0b",
|
|
|
|
"url--5d76c6d3-2f9c-40b2-8cd5-61de8064ab0b",
|
|
|
|
"observed-data--5d76c6d3-2150-4f97-80c4-61de8064ab0b",
|
|
|
|
"url--5d76c6d3-2150-4f97-80c4-61de8064ab0b",
|
|
|
|
"observed-data--5d76c6d3-0d28-4b27-9ac6-61de8064ab0b",
|
|
|
|
"url--5d76c6d3-0d28-4b27-9ac6-61de8064ab0b",
|
|
|
|
"observed-data--5d76c6d3-8604-4125-b369-61de8064ab0b",
|
|
|
|
"url--5d76c6d3-8604-4125-b369-61de8064ab0b",
|
|
|
|
"observed-data--5d76c6d4-7398-45b0-b5e9-61de8064ab0b",
|
|
|
|
"url--5d76c6d4-7398-45b0-b5e9-61de8064ab0b",
|
|
|
|
"observed-data--5d76c6d4-0854-4d51-8fb7-61de8064ab0b",
|
|
|
|
"url--5d76c6d4-0854-4d51-8fb7-61de8064ab0b",
|
|
|
|
"observed-data--5d76c6d4-2fb8-46f2-a589-61de8064ab0b",
|
|
|
|
"url--5d76c6d4-2fb8-46f2-a589-61de8064ab0b",
|
|
|
|
"observed-data--5d76c6d4-12f0-4f58-9a9b-61de8064ab0b",
|
|
|
|
"url--5d76c6d4-12f0-4f58-9a9b-61de8064ab0b",
|
|
|
|
"observed-data--5d76c6d4-c2a8-4ee3-bf3d-61de8064ab0b",
|
|
|
|
"url--5d76c6d4-c2a8-4ee3-bf3d-61de8064ab0b",
|
|
|
|
"observed-data--5d76c6d4-52b4-413f-bf04-61de8064ab0b",
|
|
|
|
"url--5d76c6d4-52b4-413f-bf04-61de8064ab0b",
|
|
|
|
"observed-data--5d76c6d4-dde0-484e-ac13-61de8064ab0b",
|
|
|
|
"url--5d76c6d4-dde0-484e-ac13-61de8064ab0b",
|
|
|
|
"observed-data--5d76c6d4-3b64-4591-b0df-61de8064ab0b",
|
|
|
|
"url--5d76c6d4-3b64-4591-b0df-61de8064ab0b",
|
|
|
|
"observed-data--5d76c730-b4c0-4746-af7e-61db8064ab0b",
|
|
|
|
"url--5d76c730-b4c0-4746-af7e-61db8064ab0b",
|
|
|
|
"indicator--5d892cd4-fba0-4c21-90d9-0b328064ab0b",
|
|
|
|
"observed-data--5d76e2eb-abe8-44bb-8dbf-67578064ab0b",
|
|
|
|
"email-message--5d76e2eb-abe8-44bb-8dbf-67578064ab0b",
|
|
|
|
"email-addr--5d76e2eb-abe8-44bb-8dbf-67578064ab0b",
|
|
|
|
"observed-data--5d76e2eb-df2c-4913-b458-67578064ab0b",
|
|
|
|
"email-message--5d76e2eb-df2c-4913-b458-67578064ab0b",
|
|
|
|
"email-addr--5d76e2eb-df2c-4913-b458-67578064ab0b",
|
|
|
|
"observed-data--5d76e2eb-e004-41d8-bc9d-67578064ab0b",
|
|
|
|
"email-message--5d76e2eb-e004-41d8-bc9d-67578064ab0b",
|
|
|
|
"email-addr--5d76e2eb-e004-41d8-bc9d-67578064ab0b",
|
|
|
|
"observed-data--5d76e2eb-37c8-4b75-b5d7-67578064ab0b",
|
|
|
|
"email-message--5d76e2eb-37c8-4b75-b5d7-67578064ab0b",
|
|
|
|
"email-addr--5d76e2eb-37c8-4b75-b5d7-67578064ab0b",
|
|
|
|
"observed-data--5d8545bf-ec98-4d0c-a8a3-55038064ab0b",
|
|
|
|
"file--5d8545bf-ec98-4d0c-a8a3-55038064ab0b",
|
|
|
|
"observed-data--5d8545d4-ee30-435b-827e-55078064ab0b",
|
|
|
|
"file--5d8545d4-ee30-435b-827e-55078064ab0b",
|
|
|
|
"observed-data--5d8545e3-c264-43d8-9666-55068064ab0b",
|
|
|
|
"file--5d8545e3-c264-43d8-9666-55068064ab0b",
|
|
|
|
"observed-data--5d854603-8bf4-44fe-96ae-47ce8064ab0b",
|
|
|
|
"file--5d854603-8bf4-44fe-96ae-47ce8064ab0b",
|
|
|
|
"indicator--bf16e26f-a501-48ec-850c-b1e55711bbcb",
|
|
|
|
"x-misp-object--7b247766-cfe9-4dbf-9d65-7511b9033460",
|
|
|
|
"indicator--07e42fa1-5891-414c-9d6a-7628f55a1d1f",
|
|
|
|
"x-misp-object--e29771d7-c7aa-41b6-8c87-6ebb84ed0786",
|
|
|
|
"indicator--6ff6b2b5-97ef-4ef1-b90f-242ed5049581",
|
|
|
|
"x-misp-object--53bad3c7-cc5b-4539-892d-470596a8998f",
|
|
|
|
"indicator--de8d9fd8-b456-4b2d-b62e-118637749f2b",
|
|
|
|
"x-misp-object--2317431c-4652-4dfc-b063-499e9e627c8f",
|
|
|
|
"indicator--d6592ce4-117e-4cd7-9969-abe216690882",
|
|
|
|
"x-misp-object--5b8d4815-cde6-498e-9914-3b4a785000f9",
"relationship--1a662d4d-00e7-4c67-b9a9-367ae5247142",
|
|
|
|
"relationship--2152fc4c-f20f-4daa-999e-ec9f8f4a7047",
|
|
|
|
"relationship--d5824c35-ab17-40bd-98ac-153b39fa32d9",
|
|
|
|
"relationship--a766d140-5fd0-4927-84ae-5d7b97a2081d",
|
|
|
|
"relationship--5a5c35fe-efd2-4071-a651-ad9e33c0883f"
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"type:OSINT",
|
|
|
|
"osint:lifetime=\"perpetual\"",
|
|
|
|
"osint:certainty=\"50\""
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d76dfaf-574c-4253-b1f1-67578064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T23:33:51.000Z",
|
|
|
|
"modified": "2019-09-09T23:33:51.000Z",
|
|
|
|
"description": "iOS payload",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '0d2ee9ade24163613772fdda201af985d852ab506e3d3e7f07fb3fa8b0853560']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-09-09T23:33:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-attribute",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-attribute--5d76c9b2-8b24-4fb2-8ff3-61dc8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:52:50.000Z",
|
|
|
|
"modified": "2019-09-09T21:52:50.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"whois-registrant-email\"",
|
|
|
|
"misp:category=\"Attribution\""
|
|
|
|
],
|
|
|
|
"x_misp_category": "Attribution",
|
|
|
|
"x_misp_type": "whois-registrant-email",
|
|
|
|
"x_misp_value": "dashenqu832@outlook.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-attribute",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-attribute--5d76c9b2-5654-4b42-a28f-61dc8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:52:50.000Z",
|
|
|
|
"modified": "2019-09-09T21:52:50.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"whois-registrant-email\"",
|
|
|
|
"misp:category=\"Attribution\""
|
|
|
|
],
|
|
|
|
"x_misp_category": "Attribution",
|
|
|
|
"x_misp_type": "whois-registrant-email",
|
|
|
|
"x_misp_value": "ornaments798@outlook.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d76c70f-df94-4cd0-b977-4cea8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T23:33:59.000Z",
|
|
|
|
"modified": "2019-09-09T23:33:59.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'www.energy-mail.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-09-09T23:33:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d76c98c-95a0-4186-9d08-61de8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:52:12.000Z",
|
|
|
|
"modified": "2019-09-09T21:52:12.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'antmoving.online']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-09-09T21:52:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d76c98c-be94-4716-9cc3-61de8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:52:12.000Z",
|
|
|
|
"modified": "2019-09-09T21:52:12.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'beemail.online']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-09-09T21:52:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d76c98c-0998-4c3d-94fa-61de8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:52:12.000Z",
|
|
|
|
"modified": "2019-09-09T21:52:12.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'bf.mk']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-09-09T21:52:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d76c98c-77cc-4a32-b989-61de8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:52:12.000Z",
|
|
|
|
"modified": "2019-09-09T21:52:12.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'energy-mail.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-09-09T21:52:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d76c98c-a620-4e86-969b-61de8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:52:12.000Z",
|
|
|
|
"modified": "2019-09-09T21:52:12.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'gmailapp.me']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-09-09T21:52:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d76c98c-8960-4e6c-be1c-61de8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:52:12.000Z",
|
|
|
|
"modified": "2019-09-09T21:52:12.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'izelense.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-09-09T21:52:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d76c98c-52b4-4bb9-b61b-61de8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:52:12.000Z",
|
|
|
|
"modified": "2019-09-09T21:52:12.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'mailanalysis.services']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-09-09T21:52:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d76c98c-1b78-4933-98f8-61de8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:52:12.000Z",
|
|
|
|
"modified": "2019-09-09T21:52:12.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'mailcontactanalysis.online']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-09-09T21:52:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d76c98c-3358-4897-a52b-61de8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:52:12.000Z",
|
|
|
|
"modified": "2019-09-09T21:52:12.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'mailnotes.online']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-09-09T21:52:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d76c98c-6be4-4b4a-9a37-61de8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:52:12.000Z",
|
|
|
|
"modified": "2019-09-09T21:52:12.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'polarismail.services']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-09-09T21:52:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d76c98c-0cb4-4be5-b3d6-61de8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:52:12.000Z",
|
|
|
|
"modified": "2019-09-09T21:52:12.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'rf.mk']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-09-09T21:52:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d76c98c-f230-436d-a69f-61de8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:52:12.000Z",
|
|
|
|
"modified": "2019-09-09T21:52:12.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'walkingnote.online']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-09-09T21:52:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5bec8d6d-71e0-40b6-add8-171c8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2018-11-14T21:02:55.000Z",
|
|
|
|
"modified": "2018-11-14T21:02:55.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'www.msap.services']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-14T21:02:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5bec8d6d-6cc8-4aef-b8c9-171c8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2018-11-14T21:02:58.000Z",
|
|
|
|
"modified": "2018-11-14T21:02:58.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'msap.services']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-14T21:02:58Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d76c7a0-2dac-4e65-a0ca-67208064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:44:00.000Z",
|
|
|
|
"modified": "2019-09-09T21:44:00.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.32.75.217']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-09-09T21:44:00Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d76c7a0-3c28-4110-aa88-67208064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-20T21:39:17.000Z",
|
|
|
|
"modified": "2019-09-20T21:39:17.000Z",
|
|
|
|
"description": "Android exploit server",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.76.149.154']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-09-20T21:39:17Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d76cc33-7aac-4eb8-a1be-66c48064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T23:34:08.000Z",
|
|
|
|
"modified": "2019-09-09T23:34:08.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.78.79.100']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-09-09T23:34:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d76cf56-94f8-4a16-84d5-67af8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T22:16:54.000Z",
|
|
|
|
"modified": "2019-09-09T22:16:54.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '149.28.93.11']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-09-09T22:16:54Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d76d19b-0704-42fa-95c5-61df8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T23:34:47.000Z",
|
|
|
|
"modified": "2019-09-09T23:34:47.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.169.2.57']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-09-09T23:34:47Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d76d6f2-f44c-4b21-ba2d-67578064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T22:49:22.000Z",
|
|
|
|
"modified": "2019-09-09T22:49:22.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '206.189.65.198']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-09-09T22:49:22Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d76dae6-bdc4-4cca-8161-61de8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T23:06:14.000Z",
|
|
|
|
"modified": "2019-09-09T23:06:14.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '140.82.17.222']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-09-09T23:06:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d76dcf6-f094-47a0-8fd4-4cea8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T23:35:01.000Z",
|
|
|
|
"modified": "2019-09-09T23:35:01.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.76.53.26']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-09-09T23:35:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d76de15-2544-4f39-baed-61db8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T23:19:49.000Z",
|
|
|
|
"modified": "2019-09-09T23:19:49.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.32.91.137']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-09-09T23:19:49Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5bec8d7b-b658-4050-8b3c-45cc8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-20T21:41:18.000Z",
|
|
|
|
"modified": "2019-09-20T21:41:18.000Z",
|
|
|
|
"description": "iOS exploit server",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '144.202.59.23']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-09-20T21:41:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5bed8343-d968-4c72-a106-2b328064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-20T21:40:08.000Z",
|
|
|
|
"modified": "2019-09-20T21:40:08.000Z",
|
|
|
|
"description": "iOS C2",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.42.58.59']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-09-20T21:40:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5bed84bf-8710-4cba-b9eb-05688064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2018-11-15T14:37:51.000Z",
|
|
|
|
"modified": "2018-11-15T14:37:51.000Z",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '43.251.16.87']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2018-11-15T14:37:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5d76c6d3-b878-442a-b476-61de8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:40:35.000Z",
|
|
|
|
"modified": "2019-09-09T21:40:35.000Z",
|
|
|
|
"first_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"last_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5d76c6d3-b878-442a-b476-61de8064ab0b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5d76c6d3-b878-442a-b476-61de8064ab0b",
|
|
|
|
"value": "http://bit.ly/2z1WayM"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5d76c6d3-b644-45e2-a9d7-61de8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:40:35.000Z",
|
|
|
|
"modified": "2019-09-09T21:40:35.000Z",
|
|
|
|
"first_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"last_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5d76c6d3-b644-45e2-a9d7-61de8064ab0b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5d76c6d3-b644-45e2-a9d7-61de8064ab0b",
|
|
|
|
"value": "http://www.msap.services/1R7mqD"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5d76c6d3-14c4-4b77-85be-61de8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:40:35.000Z",
|
|
|
|
"modified": "2019-09-09T21:40:35.000Z",
|
|
|
|
"first_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"last_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5d76c6d3-14c4-4b77-85be-61de8064ab0b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5d76c6d3-14c4-4b77-85be-61de8064ab0b",
|
|
|
|
"value": "http://bit.ly/2AYy61a"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5d76c6d3-f8f0-4399-a2ae-61de8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:40:35.000Z",
|
|
|
|
"modified": "2019-09-09T21:40:35.000Z",
|
|
|
|
"first_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"last_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5d76c6d3-f8f0-4399-a2ae-61de8064ab0b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5d76c6d3-f8f0-4399-a2ae-61de8064ab0b",
|
|
|
|
"value": "http//www.msap.services/2bKr8Z"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5d76c6d3-a174-4130-a62c-61de8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:40:35.000Z",
|
|
|
|
"modified": "2019-09-09T21:40:35.000Z",
|
|
|
|
"first_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"last_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5d76c6d3-a174-4130-a62c-61de8064ab0b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5d76c6d3-a174-4130-a62c-61de8064ab0b",
|
|
|
|
"value": "http://www.msap.services/6FeBOy"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5d76c6d3-ce00-497f-9284-61de8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:40:35.000Z",
|
|
|
|
"modified": "2019-09-09T21:40:35.000Z",
|
|
|
|
"first_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"last_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5d76c6d3-ce00-497f-9284-61de8064ab0b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5d76c6d3-ce00-497f-9284-61de8064ab0b",
|
|
|
|
"value": "http://suo.im/5ot25j"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5d76c6d3-1708-4847-8b18-61de8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:40:35.000Z",
|
|
|
|
"modified": "2019-09-09T21:40:35.000Z",
|
|
|
|
"first_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"last_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5d76c6d3-1708-4847-8b18-61de8064ab0b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5d76c6d3-1708-4847-8b18-61de8064ab0b",
|
|
|
|
"value": "http://news.cmitcsubs.tk:5000/web/info?org=aHR0cHM6Ly9kcml2ZS5nb29nbGUuY29tL29wZW4/aWQ9MUlTakl2eFoxX1g5YkdJSnQtMlpKeDRDRWwzdVVhRmlv"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5d76c6d3-bb64-4b8d-b773-61de8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:40:35.000Z",
|
|
|
|
"modified": "2019-09-09T21:40:35.000Z",
|
|
|
|
"first_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"last_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5d76c6d3-bb64-4b8d-b773-61de8064ab0b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5d76c6d3-bb64-4b8d-b773-61de8064ab0b",
|
|
|
|
"value": "http://www.msap.services/yHJbS6"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5d76c6d3-d218-49a3-96f3-61de8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:40:35.000Z",
|
|
|
|
"modified": "2019-09-09T21:40:35.000Z",
|
|
|
|
"first_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"last_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5d76c6d3-d218-49a3-96f3-61de8064ab0b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5d76c6d3-d218-49a3-96f3-61de8064ab0b",
|
|
|
|
"value": "http://bit.ly/2qHg3Xt"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5d76c6d3-0658-494c-afb4-61de8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:40:35.000Z",
|
|
|
|
"modified": "2019-09-09T21:40:35.000Z",
|
|
|
|
"first_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"last_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5d76c6d3-0658-494c-afb4-61de8064ab0b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5d76c6d3-0658-494c-afb4-61de8064ab0b",
|
|
|
|
"value": "http://www.msap.services/S5gDoN"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5d76c6d3-8624-44df-8338-61de8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:40:35.000Z",
|
|
|
|
"modified": "2019-09-09T21:40:35.000Z",
|
|
|
|
"first_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"last_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5d76c6d3-8624-44df-8338-61de8064ab0b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5d76c6d3-8624-44df-8338-61de8064ab0b",
|
|
|
|
"value": "http://bit.ly/2T2CoeX"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5d76c6d3-1170-4f0e-ade3-61de8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:40:35.000Z",
|
|
|
|
"modified": "2019-09-09T21:40:35.000Z",
|
|
|
|
"first_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"last_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5d76c6d3-1170-4f0e-ade3-61de8064ab0b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5d76c6d3-1170-4f0e-ade3-61de8064ab0b",
|
|
|
|
"value": "http://www.msap.services/EzpOhU"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5d76c6d3-578c-4a96-88fe-61de8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:40:35.000Z",
|
|
|
|
"modified": "2019-09-09T21:40:35.000Z",
|
|
|
|
"first_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"last_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5d76c6d3-578c-4a96-88fe-61de8064ab0b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5d76c6d3-578c-4a96-88fe-61de8064ab0b",
|
|
|
|
"value": "http://bit.ly/2PSvdau"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5d76c6d3-7058-403d-a9b1-61de8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:40:35.000Z",
|
|
|
|
"modified": "2019-09-09T21:40:35.000Z",
|
|
|
|
"first_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"last_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5d76c6d3-7058-403d-a9b1-61de8064ab0b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5d76c6d3-7058-403d-a9b1-61de8064ab0b",
|
|
|
|
"value": "http://www.msap.services/GfHuRi"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5d76c6d3-5824-4b00-8dda-61de8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:40:35.000Z",
|
|
|
|
"modified": "2019-09-09T21:40:35.000Z",
|
|
|
|
"first_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"last_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5d76c6d3-5824-4b00-8dda-61de8064ab0b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5d76c6d3-5824-4b00-8dda-61de8064ab0b",
|
|
|
|
"value": "http://suo.im/5okeFb"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5d76c6d3-b8ec-438c-8161-61de8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:40:35.000Z",
|
|
|
|
"modified": "2019-09-09T21:40:35.000Z",
|
|
|
|
"first_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"last_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5d76c6d3-b8ec-438c-8161-61de8064ab0b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5d76c6d3-b8ec-438c-8161-61de8064ab0b",
|
|
|
|
"value": "http://news.cmitcsubs.tk:5000/web/info?org=aHR0cHM6Ly93d3cubnl0aW1lcy5jb20vMjAxOC8xMS8wMi9vYml0dWFyaWVzL2xvZGktZ3lhcmktZGVhZC5odG1s"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5d76c6d3-a530-4671-8fab-61de8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:40:35.000Z",
|
|
|
|
"modified": "2019-09-09T21:40:35.000Z",
|
|
|
|
"first_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"last_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5d76c6d3-a530-4671-8fab-61de8064ab0b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5d76c6d3-a530-4671-8fab-61de8064ab0b",
|
|
|
|
"value": "http://bit.ly/2SVPqdY"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5d76c6d3-bd08-4528-9fab-61de8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:40:35.000Z",
|
|
|
|
"modified": "2019-09-09T21:40:35.000Z",
|
|
|
|
"first_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"last_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5d76c6d3-bd08-4528-9fab-61de8064ab0b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5d76c6d3-bd08-4528-9fab-61de8064ab0b",
|
|
|
|
"value": "http://www.msap.services/F8XGNe"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5d76c6d3-936c-411b-a0c9-61de8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:40:35.000Z",
|
|
|
|
"modified": "2019-09-09T21:40:35.000Z",
|
|
|
|
"first_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"last_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5d76c6d3-936c-411b-a0c9-61de8064ab0b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5d76c6d3-936c-411b-a0c9-61de8064ab0b",
|
|
|
|
"value": "http://bit.ly/2QroNMt"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5d76c6d3-2f9c-40b2-8cd5-61de8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:40:35.000Z",
|
|
|
|
"modified": "2019-09-09T21:40:35.000Z",
|
|
|
|
"first_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"last_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5d76c6d3-2f9c-40b2-8cd5-61de8064ab0b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5d76c6d3-2f9c-40b2-8cd5-61de8064ab0b",
|
|
|
|
"value": "http://www.msap.services/70FtQX"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5d76c6d3-2150-4f97-80c4-61de8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:40:35.000Z",
|
|
|
|
"modified": "2019-09-09T21:40:35.000Z",
|
|
|
|
"first_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"last_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5d76c6d3-2150-4f97-80c4-61de8064ab0b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5d76c6d3-2150-4f97-80c4-61de8064ab0b",
|
|
|
|
"value": "http://msap.services/yHJbS6"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5d76c6d3-0d28-4b27-9ac6-61de8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:40:35.000Z",
|
|
|
|
"modified": "2019-09-09T21:40:35.000Z",
|
|
|
|
"first_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"last_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5d76c6d3-0d28-4b27-9ac6-61de8064ab0b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5d76c6d3-0d28-4b27-9ac6-61de8064ab0b",
|
|
|
|
"value": "http://bit.ly/2B4GwEf"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5d76c6d3-8604-4125-b369-61de8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:40:35.000Z",
|
|
|
|
"modified": "2019-09-09T21:40:35.000Z",
|
|
|
|
"first_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"last_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5d76c6d3-8604-4125-b369-61de8064ab0b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5d76c6d3-8604-4125-b369-61de8064ab0b",
|
|
|
|
"value": "http://www.msap.services/XgL5A9"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5d76c6d4-7398-45b0-b5e9-61de8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:40:35.000Z",
|
|
|
|
"modified": "2019-09-09T21:40:35.000Z",
|
|
|
|
"first_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"last_observed": "2019-09-09T21:40:35Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5d76c6d4-7398-45b0-b5e9-61de8064ab0b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5d76c6d4-7398-45b0-b5e9-61de8064ab0b",
|
|
|
|
"value": "http://bit.ly/2T6pCMf"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5d76c6d4-0854-4d51-8fb7-61de8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:40:36.000Z",
|
|
|
|
"modified": "2019-09-09T21:40:36.000Z",
|
|
|
|
"first_observed": "2019-09-09T21:40:36Z",
|
|
|
|
"last_observed": "2019-09-09T21:40:36Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5d76c6d4-0854-4d51-8fb7-61de8064ab0b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5d76c6d4-0854-4d51-8fb7-61de8064ab0b",
|
|
|
|
"value": "http://www.msap.services/ZpzstM"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5d76c6d4-2fb8-46f2-a589-61de8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:40:36.000Z",
|
|
|
|
"modified": "2019-09-09T21:40:36.000Z",
|
|
|
|
"first_observed": "2019-09-09T21:40:36Z",
|
|
|
|
"last_observed": "2019-09-09T21:40:36Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5d76c6d4-2fb8-46f2-a589-61de8064ab0b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5d76c6d4-2fb8-46f2-a589-61de8064ab0b",
|
|
|
|
"value": "http://bit.ly/2Drl90q"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5d76c6d4-12f0-4f58-9a9b-61de8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:40:36.000Z",
|
|
|
|
"modified": "2019-09-09T21:40:36.000Z",
|
|
|
|
"first_observed": "2019-09-09T21:40:36Z",
|
|
|
|
"last_observed": "2019-09-09T21:40:36Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5d76c6d4-12f0-4f58-9a9b-61de8064ab0b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5d76c6d4-12f0-4f58-9a9b-61de8064ab0b",
|
|
|
|
"value": "http://www.msap.services/ZQfqzs"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5d76c6d4-c2a8-4ee3-bf3d-61de8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:40:36.000Z",
|
|
|
|
"modified": "2019-09-09T21:40:36.000Z",
|
|
|
|
"first_observed": "2019-09-09T21:40:36Z",
|
|
|
|
"last_observed": "2019-09-09T21:40:36Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5d76c6d4-c2a8-4ee3-bf3d-61de8064ab0b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5d76c6d4-c2a8-4ee3-bf3d-61de8064ab0b",
|
|
|
|
"value": "https://bit.ly/2MgSRwL"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5d76c6d4-52b4-413f-bf04-61de8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:40:36.000Z",
|
|
|
|
"modified": "2019-09-09T21:40:36.000Z",
|
|
|
|
"first_observed": "2019-09-09T21:40:36Z",
|
|
|
|
"last_observed": "2019-09-09T21:40:36Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5d76c6d4-52b4-413f-bf04-61de8064ab0b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5d76c6d4-52b4-413f-bf04-61de8064ab0b",
|
|
|
|
"value": "https://www.energy-mail.org/B20V54"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5d76c6d4-dde0-484e-ac13-61de8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:40:36.000Z",
|
|
|
|
"modified": "2019-09-09T21:40:36.000Z",
|
|
|
|
"first_observed": "2019-09-09T21:40:36Z",
|
|
|
|
"last_observed": "2019-09-09T21:40:36Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5d76c6d4-dde0-484e-ac13-61de8064ab0b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5d76c6d4-dde0-484e-ac13-61de8064ab0b",
|
|
|
|
"value": "https://bit.ly/2XePmYt"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5d76c6d4-3b64-4591-b0df-61de8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:40:36.000Z",
|
|
|
|
"modified": "2019-09-09T21:40:36.000Z",
|
|
|
|
"first_observed": "2019-09-09T21:40:36Z",
|
|
|
|
"last_observed": "2019-09-09T21:40:36Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5d76c6d4-3b64-4591-b0df-61de8064ab0b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5d76c6d4-3b64-4591-b0df-61de8064ab0b",
|
|
|
|
"value": "http://45.76.149.154:5000/web/info?org=aHR0cDovL3d3dy5waGF5dWwuY29tL25ld3MvYXJ0aWNsZS5hc3B4P2lkPTQxNDc0JmZiY2xpZD1Jd0FSM1RadGdjanppUkhNZFJuOEdhZ1RMUV9iMHFrX0VBZWY2YldxRU5SanhaZkkzRFdPNFpsRExPcFdz"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5d76c730-b4c0-4746-af7e-61db8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T21:42:08.000Z",
|
|
|
|
"modified": "2019-09-09T21:42:08.000Z",
|
|
|
|
"first_observed": "2019-09-09T21:42:08Z",
|
|
|
|
"last_observed": "2019-09-09T21:42:08Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--5d76c730-b4c0-4746-af7e-61db8064ab0b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--5d76c730-b4c0-4746-af7e-61db8064ab0b",
|
|
|
|
"value": "http://43.251.16.87:5000//dev/loader"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5d892cd4-fba0-4c21-90d9-0b328064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-23T20:36:36.000Z",
|
|
|
|
"modified": "2019-09-23T20:36:36.000Z",
|
|
|
|
"description": "Scotch user agent",
|
|
|
|
"pattern": "[network-traffic:extensions.'http-request-ext'.request_header.'User-Agent' = 'hots scot']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-09-23T20:36:36Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"user-agent\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5d76e2eb-abe8-44bb-8dbf-67578064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T23:40:27.000Z",
|
|
|
|
"modified": "2019-09-09T23:40:27.000Z",
|
|
|
|
"first_observed": "2019-09-09T23:40:27Z",
|
|
|
|
"last_observed": "2019-09-09T23:40:27Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"email-message--5d76e2eb-abe8-44bb-8dbf-67578064ab0b",
|
|
|
|
"email-addr--5d76e2eb-abe8-44bb-8dbf-67578064ab0b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"email-src\"",
|
|
|
|
"misp:category=\"Payload delivery\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "email-message",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "email-message--5d76e2eb-abe8-44bb-8dbf-67578064ab0b",
|
|
|
|
"is_multipart": false,
|
|
|
|
"from_ref": "email-addr--5d76e2eb-abe8-44bb-8dbf-67578064ab0b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "email-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "email-addr--5d76e2eb-abe8-44bb-8dbf-67578064ab0b",
|
|
|
|
"value": "antmoving.online@gmail.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5d76e2eb-df2c-4913-b458-67578064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T23:40:27.000Z",
|
|
|
|
"modified": "2019-09-09T23:40:27.000Z",
|
|
|
|
"first_observed": "2019-09-09T23:40:27Z",
|
|
|
|
"last_observed": "2019-09-09T23:40:27Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"email-message--5d76e2eb-df2c-4913-b458-67578064ab0b",
|
|
|
|
"email-addr--5d76e2eb-df2c-4913-b458-67578064ab0b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"email-src\"",
|
|
|
|
"misp:category=\"Payload delivery\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "email-message",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "email-message--5d76e2eb-df2c-4913-b458-67578064ab0b",
|
|
|
|
"is_multipart": false,
|
|
|
|
"from_ref": "email-addr--5d76e2eb-df2c-4913-b458-67578064ab0b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "email-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "email-addr--5d76e2eb-df2c-4913-b458-67578064ab0b",
|
|
|
|
"value": "energymail.org@gmail.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5d76e2eb-e004-41d8-bc9d-67578064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T23:40:27.000Z",
|
|
|
|
"modified": "2019-09-09T23:40:27.000Z",
|
|
|
|
"first_observed": "2019-09-09T23:40:27Z",
|
|
|
|
"last_observed": "2019-09-09T23:40:27Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"email-message--5d76e2eb-e004-41d8-bc9d-67578064ab0b",
|
|
|
|
"email-addr--5d76e2eb-e004-41d8-bc9d-67578064ab0b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"email-src\"",
|
|
|
|
"misp:category=\"Payload delivery\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "email-message",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "email-message--5d76e2eb-e004-41d8-bc9d-67578064ab0b",
|
|
|
|
"is_multipart": false,
|
|
|
|
"from_ref": "email-addr--5d76e2eb-e004-41d8-bc9d-67578064ab0b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "email-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "email-addr--5d76e2eb-e004-41d8-bc9d-67578064ab0b",
|
|
|
|
"value": "jameslewis199106@gmail.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5d76e2eb-37c8-4b75-b5d7-67578064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-09T23:40:27.000Z",
|
|
|
|
"modified": "2019-09-09T23:40:27.000Z",
|
|
|
|
"first_observed": "2019-09-09T23:40:27Z",
|
|
|
|
"last_observed": "2019-09-09T23:40:27Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"email-message--5d76e2eb-37c8-4b75-b5d7-67578064ab0b",
|
|
|
|
"email-addr--5d76e2eb-37c8-4b75-b5d7-67578064ab0b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"email-src\"",
|
|
|
|
"misp:category=\"Payload delivery\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "email-message",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "email-message--5d76e2eb-37c8-4b75-b5d7-67578064ab0b",
|
|
|
|
"is_multipart": false,
|
|
|
|
"from_ref": "email-addr--5d76e2eb-37c8-4b75-b5d7-67578064ab0b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "email-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "email-addr--5d76e2eb-37c8-4b75-b5d7-67578064ab0b",
|
|
|
|
"value": "touchxun658@gmail.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5d8545bf-ec98-4d0c-a8a3-55038064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-20T21:33:51.000Z",
|
|
|
|
"modified": "2019-09-20T21:33:51.000Z",
|
|
|
|
"first_observed": "2019-09-20T21:33:51Z",
|
|
|
|
"last_observed": "2019-09-20T21:33:51Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--5d8545bf-ec98-4d0c-a8a3-55038064ab0b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--5d8545bf-ec98-4d0c-a8a3-55038064ab0b",
|
|
|
|
"hashes": {
|
|
|
|
"SHA-256": "6977e6098815cd91016be9d76f194ed4622640d03c6cdd66b1032306a2190af7"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5d8545d4-ee30-435b-827e-55078064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-20T21:34:12.000Z",
|
|
|
|
"modified": "2019-09-20T21:34:12.000Z",
|
|
|
|
"first_observed": "2019-09-20T21:34:12Z",
|
|
|
|
"last_observed": "2019-09-20T21:34:12Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--5d8545d4-ee30-435b-827e-55078064ab0b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--5d8545d4-ee30-435b-827e-55078064ab0b",
|
|
|
|
"hashes": {
|
|
|
|
"SHA-256": "e510c361c8101384277dd95cc2c8e76715dd241f58553f592245b620422beaf3"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5d8545e3-c264-43d8-9666-55068064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-20T21:34:27.000Z",
|
|
|
|
"modified": "2019-09-20T21:34:27.000Z",
|
|
|
|
"first_observed": "2019-09-20T21:34:27Z",
|
|
|
|
"last_observed": "2019-09-20T21:34:27Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--5d8545e3-c264-43d8-9666-55068064ab0b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--5d8545e3-c264-43d8-9666-55068064ab0b",
|
|
|
|
"hashes": {
|
|
|
|
"SHA-256": "0d13e403303b52edae6beb76a6fe7ed454f340aae1246b9a3f55ca728da2d6aa"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5d854603-8bf4-44fe-96ae-47ce8064ab0b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-20T21:34:59.000Z",
|
|
|
|
"modified": "2019-09-20T21:34:59.000Z",
|
|
|
|
"first_observed": "2019-09-20T21:34:59Z",
|
|
|
|
"last_observed": "2019-09-20T21:34:59Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"file--5d854603-8bf4-44fe-96ae-47ce8064ab0b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Payload delivery\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "file",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "file--5d854603-8bf4-44fe-96ae-47ce8064ab0b",
|
|
|
|
"hashes": {
|
|
|
|
"SHA-256": "b85fe634f3c5b1022a1adbc21f3b85b58451ca2b89e9380fc5f22b9340a18b88"
|
|
|
|
}
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--bf16e26f-a501-48ec-850c-b1e55711bbcb",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-25T10:32:27.000Z",
|
|
|
|
"modified": "2019-09-25T10:32:27.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'fb7bab3571e557ee7f88309dc472f748' AND file:hashes.SHA1 = '68533858c90515369a1d2f36d72cb3537de58437' AND file:hashes.SHA256 = 'b85fe634f3c5b1022a1adbc21f3b85b58451ca2b89e9380fc5f22b9340a18b88']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-09-25T10:32:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--7b247766-cfe9-4dbf-9d65-7511b9033460",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-25T10:32:27.000Z",
|
|
|
|
"modified": "2019-09-25T10:32:27.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-09-24T22:38:19",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Loader",
|
|
|
|
"uuid": "4462e200-9d40-4c54-9e90-5d20c74e6bfd"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/b85fe634f3c5b1022a1adbc21f3b85b58451ca2b89e9380fc5f22b9340a18b88/analysis/1569364699/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Loader",
|
|
|
|
"uuid": "8d1378f4-ea14-4387-8d7a-d85ca5b071de"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "1/57",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Loader",
|
|
|
|
"uuid": "8b05523a-b753-4eba-81e0-b89f5a6ab696"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--07e42fa1-5891-414c-9d6a-7628f55a1d1f",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-25T10:32:28.000Z",
|
|
|
|
"modified": "2019-09-25T10:32:28.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '111ba6564931fccb7f4d0e940b492520' AND file:hashes.SHA1 = '33ea7c4ad4f6d0b59b7b4de906735483e6e8cff7' AND file:hashes.SHA256 = 'e510c361c8101384277dd95cc2c8e76715dd241f58553f592245b620422beaf3']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-09-25T10:32:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--e29771d7-c7aa-41b6-8c87-6ebb84ed0786",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-25T10:32:28.000Z",
|
|
|
|
"modified": "2019-09-25T10:32:28.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-09-25T04:23:12",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Whisky",
|
|
|
|
"uuid": "d5e4a39f-9daa-4aa4-aba5-8c71ae50e624"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/e510c361c8101384277dd95cc2c8e76715dd241f58553f592245b620422beaf3/analysis/1569385392/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Whisky",
|
|
|
|
"uuid": "271b9e9f-9c1b-4d87-a122-3ecacf84a57b"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "2/56",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Whisky",
|
|
|
|
"uuid": "c4751a17-01e5-4b62-8e6c-576d2aab11cf"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--6ff6b2b5-97ef-4ef1-b90f-242ed5049581",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-25T10:32:28.000Z",
|
|
|
|
"modified": "2019-09-25T10:32:28.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '0d5158b33dc32cfd3c020f9dd13bde55' AND file:hashes.SHA1 = 'df4c6cd8e046d7072cd833575593069f28a02674' AND file:hashes.SHA256 = '6977e6098815cd91016be9d76f194ed4622640d03c6cdd66b1032306a2190af7']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-09-25T10:32:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--53bad3c7-cc5b-4539-892d-470596a8998f",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-25T10:32:28.000Z",
|
|
|
|
"modified": "2019-09-25T10:32:28.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-09-25T04:23:29",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "libbourbon",
|
|
|
|
"uuid": "a9483f0b-b532-4933-8cf6-cfd2109189e6"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/6977e6098815cd91016be9d76f194ed4622640d03c6cdd66b1032306a2190af7/analysis/1569385409/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "libbourbon",
|
|
|
|
"uuid": "7b7d7f13-40a7-4906-91fc-d315674418f3"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "2/55",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "libbourbon",
|
|
|
|
"uuid": "0bbfca68-2eb1-4495-86ec-ab68a0d267c9"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--de8d9fd8-b456-4b2d-b62e-118637749f2b",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-25T10:32:28.000Z",
|
|
|
|
"modified": "2019-09-25T10:32:28.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'fb713151159601eef43226aadd7bb5a6' AND file:hashes.SHA1 = 'fedb77270570b8c401577b65595a9b32e2fa368a' AND file:hashes.SHA256 = '0d13e403303b52edae6beb76a6fe7ed454f340aae1246b9a3f55ca728da2d6aa']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-09-25T10:32:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--2317431c-4652-4dfc-b063-499e9e627c8f",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-25T10:32:29.000Z",
|
|
|
|
"modified": "2019-09-25T10:32:29.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-09-24T22:38:17",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "Scotch",
|
|
|
|
"uuid": "9c01d4ea-e2be-4494-94a3-e63a19dd0abe"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/0d13e403303b52edae6beb76a6fe7ed454f340aae1246b9a3f55ca728da2d6aa/analysis/1569364697/",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Scotch",
|
|
|
|
"uuid": "4350a59c-0d18-4044-9956-66634701dbc3"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "1/58",
|
|
|
|
"category": "Payload delivery",
|
|
|
|
"comment": "Scotch",
|
|
|
|
"uuid": "5634a47e-9a8c-483f-af69-13deaf6d152a"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--d6592ce4-117e-4cd7-9969-abe216690882",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-25T10:32:30.000Z",
|
|
|
|
"modified": "2019-09-25T10:32:30.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'fa3aeb8ce67077e54b09e0e4c80e3814' AND file:hashes.SHA1 = '24ef2efdb2348cf9db3fb5bf79555e1ffe411c68' AND file:hashes.SHA256 = '0d2ee9ade24163613772fdda201af985d852ab506e3d3e7f07fb3fa8b0853560']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2019-09-25T10:32:30Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "file"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"file\"",
|
|
|
|
"misp:meta-category=\"file\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-object",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-object--5b8d4815-cde6-498e-9914-3b4a785000f9",
|
|
|
|
"created_by_ref": "identity--581b5fea-818c-441a-bd1d-49798e96ca05",
|
|
|
|
"created": "2019-09-25T10:32:30.000Z",
|
|
|
|
"modified": "2019-09-25T10:32:30.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:name=\"virustotal-report\"",
|
|
|
|
"misp:meta-category=\"misc\""
|
|
|
|
],
|
|
|
|
"x_misp_attributes": [
|
|
|
|
{
|
|
|
|
"type": "datetime",
|
|
|
|
"object_relation": "last-submission",
|
|
|
|
"value": "2019-09-25T10:00:33",
|
|
|
|
"category": "Other",
|
|
|
|
"comment": "iOS payload",
|
|
|
|
"uuid": "98623fdf-dc92-4290-bc36-de3d32dff2e4"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "link",
|
|
|
|
"object_relation": "permalink",
|
|
|
|
"value": "https://www.virustotal.com/file/0d2ee9ade24163613772fdda201af985d852ab506e3d3e7f07fb3fa8b0853560/analysis/1569405633/",
|
|
|
|
"category": "External analysis",
|
|
|
|
"comment": "iOS payload",
|
|
|
|
"uuid": "14f169f7-d2c4-4be0-bef3-adc7ff0e345d"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "text",
|
|
|
|
"object_relation": "detection-ratio",
|
|
|
|
"value": "18/55",
|
|
|
|
"category": "Artifacts dropped",
|
|
|
|
"comment": "iOS payload",
|
|
|
|
"uuid": "bbd53242-0d06-4119-ad7b-2884119a5c84"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"x_misp_meta_category": "misc",
|
|
|
|
"x_misp_name": "virustotal-report"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--1a662d4d-00e7-4c67-b9a9-367ae5247142",
|
|
|
|
"created": "2021-05-24T09:59:33.000Z",
|
|
|
|
"modified": "2021-05-24T09:59:33.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--bf16e26f-a501-48ec-850c-b1e55711bbcb",
|
|
|
|
"target_ref": "x-misp-object--7b247766-cfe9-4dbf-9d65-7511b9033460"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--2152fc4c-f20f-4daa-999e-ec9f8f4a7047",
|
|
|
|
"created": "2021-05-24T09:59:33.000Z",
|
|
|
|
"modified": "2021-05-24T09:59:33.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--07e42fa1-5891-414c-9d6a-7628f55a1d1f",
|
|
|
|
"target_ref": "x-misp-object--e29771d7-c7aa-41b6-8c87-6ebb84ed0786"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--d5824c35-ab17-40bd-98ac-153b39fa32d9",
|
|
|
|
"created": "2021-05-24T09:59:33.000Z",
|
|
|
|
"modified": "2021-05-24T09:59:33.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--6ff6b2b5-97ef-4ef1-b90f-242ed5049581",
|
|
|
|
"target_ref": "x-misp-object--53bad3c7-cc5b-4539-892d-470596a8998f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--a766d140-5fd0-4927-84ae-5d7b97a2081d",
|
|
|
|
"created": "2021-05-24T09:59:33.000Z",
|
|
|
|
"modified": "2021-05-24T09:59:33.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--de8d9fd8-b456-4b2d-b62e-118637749f2b",
|
|
|
|
"target_ref": "x-misp-object--2317431c-4652-4dfc-b063-499e9e627c8f"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "relationship",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "relationship--5a5c35fe-efd2-4071-a651-ad9e33c0883f",
|
|
|
|
"created": "2021-05-24T09:59:33.000Z",
|
|
|
|
"modified": "2021-05-24T09:59:33.000Z",
|
|
|
|
"relationship_type": "analysed-with",
|
|
|
|
"source_ref": "indicator--d6592ce4-117e-4cd7-9969-abe216690882",
|
|
|
|
"target_ref": "x-misp-object--5b8d4815-cde6-498e-9914-3b4a785000f9"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "marking-definition",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
|
|
"definition_type": "tlp",
|
|
|
|
"name": "TLP:WHITE",
|
|
|
|
"definition": {
|
|
|
|
"tlp": "white"
|
|
|
|
}
|
|
|
|
}
|
|
|
|
]
|
|
|
|
}
|