{
"type": "bundle",
"id": "bundle--54eecca6-27ac-4a73-b78e-4e4d950d210b",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-26T07:53:55.000Z",
"modified": "2015-02-26T07:53:55.000Z",
"name": "CthulhuSPRL.be",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--54eecca6-27ac-4a73-b78e-4e4d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-26T07:53:55.000Z",
"modified": "2015-02-26T07:53:55.000Z",
"name": "A deeper look into ScanBox TLP:GREEN report from PWC UK",
"published": "2016-02-22T15:15:16Z",
"object_refs": [
"observed-data--54eecccf-9900-4566-9c63-0c01950d210b",
"file--54eecccf-9900-4566-9c63-0c01950d210b",
"artifact--54eecccf-9900-4566-9c63-0c01950d210b",
"x-misp-attribute--54eeccdd-2318-47ad-9001-0c06950d210b",
"indicator--54eecd53-6ac8-4407-84ba-41a3950d210b",
"indicator--54eecd53-f488-4268-89e3-4638950d210b",
"indicator--54eecd53-c7f0-4ce7-a3ab-4a1c950d210b",
"indicator--54eecd53-7e5c-4052-bf8b-4f25950d210b",
"indicator--54eecd53-b41c-4133-9769-4e97950d210b",
"indicator--54eecd61-9df8-4f1e-a163-4b05950d210b",
"indicator--54eecd62-d410-4b78-a14b-4eec950d210b",
"indicator--54eecd62-8138-4bef-beb7-4b08950d210b",
"indicator--54eecd62-3a60-4291-a2e9-4402950d210b",
"indicator--54eecd77-cd3c-40b2-a248-4a3d950d210b",
"indicator--54eecd77-38c8-4450-835d-40e6950d210b",
"indicator--54eecd77-0b70-4b2f-b226-462f950d210b",
"indicator--54eecd77-df34-4d9d-93d8-41eb950d210b",
"indicator--54eece6e-02c0-40ac-9fa9-478b950d210b",
"indicator--54eece6e-a6d4-47be-bbbe-4c57950d210b",
"indicator--54eece6e-5c20-45e0-9c2c-4702950d210b",
"indicator--54eece6e-7094-4d7b-ab26-4ad6950d210b",
"indicator--54eece85-54b0-4b2e-b57d-dcfc950d210b",
"indicator--54eece85-c748-4a09-9c94-dcfc950d210b",
"indicator--54eece85-71d4-4041-a4ae-dcfc950d210b",
"indicator--54eece85-605c-4336-85e9-dcfc950d210b",
"indicator--54eece85-45e4-4e79-9332-dcfc950d210b",
"indicator--54eece85-24dc-4518-abfc-dcfc950d210b",
"indicator--54eece85-58fc-4031-b907-dcfc950d210b",
"indicator--54eece86-b8cc-4d7e-bac9-dcfc950d210b",
"indicator--54eece86-b8bc-4a99-a41d-dcfc950d210b",
"indicator--54eece86-ae68-4781-be83-dcfc950d210b",
"indicator--54eece86-ac80-4097-bc50-dcfc950d210b",
"indicator--54eece86-9ddc-46ca-820d-dcfc950d210b",
"indicator--54eed06a-4b10-42b2-b2a1-447f950d210b",
"indicator--54eed06a-7394-41c1-a127-4947950d210b",
"indicator--54eed06a-0364-4434-8200-4c57950d210b",
"indicator--54eed06a-fd34-41f6-b77a-4eee950d210b",
"indicator--54eed06a-a408-4762-8523-47cb950d210b",
"indicator--54eed06b-7cc0-40e4-806f-4a40950d210b",
"indicator--54eed06b-8408-442c-b5d2-44ad950d210b",
"indicator--54eed06b-8720-48ca-ba15-4188950d210b",
"indicator--54eed06b-6098-49d4-92cd-436c950d210b",
"indicator--54eed06b-040c-4b7f-8545-458e950d210b",
"indicator--54eed06b-596c-4106-9151-4b80950d210b",
"indicator--54eed06b-ac4c-4cd3-a775-4f1c950d210b",
"indicator--54eed06b-dc84-4248-b0a4-4e08950d210b",
"indicator--54eed06b-21d0-4caa-b1e0-479d950d210b",
"indicator--54eed06b-77c4-4d2f-9ad5-4b15950d210b",
"indicator--54eed06c-9f40-4510-a2ce-414d950d210b",
"indicator--54eed06c-99c8-4e6b-853c-4771950d210b",
"indicator--54eed06c-db30-447f-98c5-441b950d210b",
"indicator--54eed06c-2d94-4024-8827-4f97950d210b",
"indicator--54eed06c-8638-404d-a87a-4764950d210b",
"indicator--54eed06c-e6b4-4ee0-94c8-4b57950d210b",
"indicator--54eed06c-eb40-4956-90ab-41b5950d210b",
"indicator--54eed06c-b940-41bf-895a-4a6a950d210b",
"indicator--54eed06c-49b8-4f8e-bea7-4313950d210b",
"indicator--54eed06c-9ad8-4e5d-b821-4f3c950d210b",
"indicator--54eed06d-1e20-46b6-b0f6-4be2950d210b",
"indicator--54eed06d-5068-49c5-a39f-4c4c950d210b",
"indicator--54eed06d-7e80-44d7-b2e3-4b07950d210b",
"indicator--54eed06d-c92c-4db2-aec4-494a950d210b",
"indicator--54eed06d-7210-42b5-9945-44f4950d210b",
"indicator--54eed06d-19c4-4b63-9da0-4281950d210b",
"indicator--54eed06d-f428-4c6e-b8b4-4c52950d210b",
"indicator--54eed06d-3dd0-451e-90ed-4709950d210b",
"x-misp-attribute--54eed0b2-e270-4773-8d42-4b67950d210b",
"x-misp-attribute--54eed0b2-012c-4f06-810c-4eff950d210b",
"x-misp-attribute--54eed0b3-5ca8-4342-bf7c-4262950d210b",
"x-misp-attribute--54eed0b3-19a4-4bae-b2e6-4af7950d210b",
"x-misp-attribute--54eed0b3-08b4-4f72-b926-4bb3950d210b",
"x-misp-attribute--54eed0b3-cf3c-4751-bc45-4a48950d210b",
"x-misp-attribute--54eed0b3-0000-4b3b-ac41-45fc950d210b",
"x-misp-attribute--54eed0b3-94d4-4549-b7d3-42b8950d210b",
"x-misp-attribute--54eed0b3-e694-4887-aa2e-43bd950d210b",
"x-misp-attribute--54eed0b3-1e9c-439e-b82b-481c950d210b",
"x-misp-attribute--54eed0b3-c054-4cc7-86f2-49c3950d210b",
"indicator--54eed113-2ac4-4d25-b3a7-4c4f950d210b",
"indicator--54eed113-bca4-43d1-9b3a-42e0950d210b",
"indicator--54eed113-7c2c-4e51-b6b5-47ac950d210b",
"indicator--54eed113-e92c-4a6c-888c-44b0950d210b",
"indicator--54eed113-3364-44ae-80ff-4291950d210b",
"indicator--54eed113-66ec-471a-8c52-4039950d210b",
"indicator--56c65608-90e0-4817-a526-599c950d210f",
"indicator--56c6560a-2ce0-4424-b699-599c950d210f",
"indicator--56c6560b-e72c-49f5-8eb8-c651950d210f",
"indicator--56c65604-90ac-4fac-b81b-c653950d210f",
"indicator--56c65606-a570-41a5-a515-599e950d210f",
"indicator--56c65605-fa14-45c5-9a6e-59a1950d210f",
"indicator--56c65607-29c0-41d1-8dfc-c652950d210f",
"indicator--56c65609-00a8-447c-948b-c651950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\""
],
"object_marking_refs": [
"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--54eecccf-9900-4566-9c63-0c01950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-26T07:35:43.000Z",
"modified": "2015-02-26T07:35:43.000Z",
"first_observed": "2015-02-26T07:35:43Z",
"last_observed": "2015-02-26T07:35:43Z",
"number_observed": 1,
"object_refs": [
"file--54eecccf-9900-4566-9c63-0c01950d210b",
"artifact--54eecccf-9900-4566-9c63-0c01950d210b"
],
"labels": [
"misp:type=\"attachment\"",
"misp:category=\"External analysis\""
]
},
{
"type": "file",
"spec_version": "2.1",
"id": "file--54eecccf-9900-4566-9c63-0c01950d210b",
"name": "CTO-TIB-20150224-01B.pdf",
"content_ref": "artifact--54eecccf-9900-4566-9c63-0c01950d210b"
},
{
"type": "artifact",
"spec_version": "2.1",
"id": "artifact--54eecccf-9900-4566-9c63-0c01950d210b",
"payload_bin": "JVBERi0xLjQNCiWm6c/EDQoxIDAgb2JqDQo8PA0KL0NyZWF0b3IgPEZFRkYwMDREMDA2OTAwNjMwMDcyMDA2RjAwNzMwMDZGMDA2NjAwNzQwMDIwMDA1NzAwNkYwMDcyMDA2NDAwMjAwMDJEMDAyMDAwNDMwMDU0MDA0RjAwMkQwMDU0MDA0OTAwNDIwMDJEMDAzMjAwMzAwMDMxMDAzNTAwMzAwMDMyMDAzMjAwMzQwMDJEMDAzMDAwMzEwMDQyMDAyRTAwNjQwMDZGMDA2MzAwNzg+DQovUHJvZHVjZXIgPEZFRkYwMDUzMDA2MzAwNjEwMDZFMDA1MzAwNkYwMDY2MDA3NDAwMjAwMDUwMDA0NDAwNDYwMDIwMDA0MzAwNzIwMDY1MDA2MTAwNzQwMDY1MDAyMTAwMjAwMDM3Pg0KL0NyZWF0aW9uRGF0ZSAoRDoyMDE1MDIyNDEwMTAwOFopDQovTW9kRGF0ZSAoRDoyMDE1MDIyNDEwMTAwOFopDQovQXV0aG9yIDxGRUZGMDAzOTAwMzEwMDMxMDAzMzAwMzEwMDM3Pg0KL1RpdGxlIDxGRUZGMDA0RDAwNjkwMDYzMDA3MjAwNkYwMDczMDA2RjAwNjYwMDc0MDAyMDAwNTcwMDZGMDA3MjAwNjQwMDIwMDAyRDAwMjAwMDQzMDA1NDAwNEYwMDJEMDA1NDAwNDkwMDQyMDAyRDAwMzIwMDMwMDAzMTAwMzUwMDMwMDAzMjAwMzIwMDM0MDAyRDAwMzAwMDMxMDA0MjAwMkUwMDY0MDA2RjAwNjMwMDc4Pg0KPj4NCmVuZG9iag0KNCAwIG9iag0KPDwNCi9MZW5ndGggNSAwIFINCi9GaWx0ZXIgL0ZsYXRlRGVjb2RlDQo+Pg0Kc3RyZWFtDQp4nJ1ay64kx3XcX+D+Qy+7BXQp3w+tZFq0QUOw9biAFoIWFDEkR+IMJZqC5b/3eUZm9VzSI2GAmcnTmZWVUVknT0TUX5+fRj9muwT609JR0yX3I4xLT+EI/fLFu+enn372Ll5+8e3Tr5+f/vr8FC/857uvnp/ePz/1dJRxaaUcpV/ynEdPl3umf6jHm+enL59/YFBMMmjkyzu0QznyvHzz/FQo0MYrAR1Bga9l0CgSitEuwu1QuS1j4usBHaEX+d1PLu8/vKUSwlHb5V7CUcp5HZ+8PP/03+IlCWQvXz5HwS1eBoFF146F45eXd8+/v/7r7R6Pfv3fP97SEa5vbvFI1+9u91QbRV/oP0e7fk3Ref3ujfzz+fcUbOGI1/+63QuN+QuFs4/kXxv9561c7tvbPR/l+v6/b394+Y/nT1/8/sIxy2X9ZYCHSxn1mJUebTl6u9TBT5gX9jtb/30WRriMxg+d4Lz3wH0qIRIEch7ayh6osmYbonh++ZN1I6Ne1l+4ER5PD/Wd/j8frfvFY3sIhCKBWjWQj5kkEKcHGt9g4s1mgdokkDEk8xB67t0D2q42IvHj4oCvUTZRpQfvt0FPSdo+qez3Sjt8YERuEqjokYoEkveg1ji63RPdzJBAnh5gWOmlm9EDNUmgYkgaEgjdAwxWblh5EGwo4HMS6NSuWHgQrCjQ0IGxokBCD8Yq0/6YHtB20RFtClY58z6yAGNFAVs5BbSDvl7cFqySr50CAk3ySSkQeZLoa29TWgZ+G4oVvQXRA4JVcPQpIFgFTj8WEKyCtxioNH3ZrQtQFIjVA9Q9DV81tRkXCviUnXNA5RceIxgoCnT00LbtutYEqNQcfAowUBSwbUcB7WC7jtoMVKpYeBOgKGDbjgIMVCpYeBVoKOCzVnmxaZi1GJeUMWU9irQjujNOKQH5qlAl33WtKFTJdx0FeETEuotCFX3TUUCgClh4EWSCb3Vqc0rhg8VGZEEmTkya+QDhgC88M1RxAP0sUFGgogNDRQHfdVmgih27LglUFPBdlwSq2LB2OfY44Hs9MVqxYelJwIkVsybJThTwtUdB
y9GNDBUdBg2/MlQUWB0Yqpix7yJDRW3fdlGgigkLDwpVwk4PClXCwoNCEzFrkNREgYQhghXSHR82fA2kuzoVK+Q7CjBWAfmOAowVBWzjUaBw2xsMVBi+7yjAQFHAVk5HD00QOmYckpkoYCunAGMVkO0owFgFZDsKJGkb9nqa1YBsV7tgRQHbeBRgrCjgR1cXrKjAsI1HAcaKAhFDGJqQMWuXlq+6KS4JczZJTRTwlTcFCsmOAtwBuY7aglX0XUeBoD185VWwCr7rqN004CuvDE3hsqt6gJITBzKGEDZlDswqFQoHfOWFweJARo/O10DGo0AZErCtR4HcJBAxJPKQ5luvFmn5yjODVWb13U6BViTgS6fXmtoFU2ZOTxyoGBGbBDJ6BBmiLXoO1EC6q1IvcsC3XVKkEvZdUqQSlp0UqYidHhWpiGVHBSZ6i38NWHJUlJDtKJC1R0APRmkg29HNcst3XBCUxsCOC4ISBXzNgVGict33XBCUKFAxImgPm7JMTktcotmyV0CRDw//r9vk5dX2xL1UvdC6/abVYEWPMfabkeX2DZ50Xo3iRctNeUN4w0PxJ8RC35/QBqg+QwrMeHrK66HYPgh4YxKnmzLP+yYC8iR4bbvC9l3Cum2rrp2lezlj2bbZ1+a01yFj5eW0s+1lKli3vW6oBvyFrNs73PX98zntpW5Yt7326w21xIBMk9PpFbfM0rHuqsisNFEPbTekt6C5KCJFyis7t4zI6S2c0mN4zKio7SjAZxGlQ6TkU7a0BB2RVCyFr4RrST5hzXYMoEL1gyJj2XaUoMi1s6Zsp5McRiiT/biqDwccKm1qTzmuTgdkw4xTCjEKrAO2nI4/O3A7Fm5HMgiDHdp0xq5zXqAB6bCDnw7tc60QwFoooMf8Q7kRUBIFqWopcK5YVnERpS7eyg8relaBEuX42koYLZNA4LyIyo91F0ggBRgtCjyUbgU1ZpJzmAIP5d8q1fKpkrP6cdV6WaumVQxqCbqqRatRVz1pVSzSMAUEq34uhCMSObWzBs619Fb3FsVqPpbjq3auUi1s1bWV9Kv81pp/1edVoNkqeOMMq8Q/MwAjHYsjGC1ZLKIJVhvNUGZTvNHTiaMYM1ospishWDzHyNViQka/FlfqAsxGppTBLbY1FJfFx4wELsI2BJeBSZVEJpRERjM3VjgUqEUb54lVGo0N3hJFYHFS48GLtYpMtvNao9Jgvia+EFO2CY2No7rsIk0R2fZWVeqd0V34Pri5CQLIaz0KSoveu6aw+H9klDaBwGSJJSFEASU3f79d2kBuU1GNAz6raSMo9l1O6ZhV9JYMumCCDAV8VpVsXDzJitMSW0Th2dSYLDiVAO3ERCIkNgoMabv8YjoTEptLUxESTpEXrSCxUYChoYDPalIZ2BsFGJqSMWuVlq+6ClCb1lYFqOJpbZcqoaFZr3uVM/hVmVKyxSZTln4oG6MFqEr5Ihrj5zd6p69fsGI5r9/fWLd8K61kP31zu6dCJ9v1sxs9ket7GfU9y5Tp+sZ6sKCpf7/9SnrpD9rXrv2GBVC6++snLGDW6994wLRh2t+mf/+gbLJIO6UGYZj6hVYeRRiDjCmLTpf5IM36KMlVuuhfiIb6uS/3XkxmjdeffThrrHGfVsrWj5sZI7ep0422wjVEVXjrK9N1LTl1OjlrPnI2H4jZrvfby58ery481a4e5RX+2MvbyG0xIb1y/4PT6z9x+zbuR+9+Skaxi4vG9ZEX94Hr6umVq/cNm/oPQOMD19XL+eo/vjXzyTXg10LkfXp1vud/m+/UL7jVfcP+jFplUM71wNc3/lXMhPqwud/STwOX063+jc5h/7y93SnpXr+ijsE6vJf5uHWnsm9efy4v8t84mK5/ZjciXg/azvP6l9udqqHr/9BrFf0uD44Fb9mC3j3slx/HJUmuVlx+c8uSavjGvnzzndzS+OBG9RWmVEXkahqWL3SLjS0VTjR3GhgR/IzvsVIuYi/Ff3p8Q++c
K2inU9dmPxZNjXfuxFP8y+vLUqHtw3VFEfcs//7ydifydf2VuDyP6YcuRCMPKjcCH5nsorx6Yc80+5X/ne8
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--54eeccdd-2318-47ad-9001-0c06950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-26T07:35:57.000Z",
"modified": "2015-02-26T07:35:57.000Z",
"labels": [
"misp:type=\"text\"",
"misp:category=\"External analysis\""
],
"x_misp_category": "External analysis",
"x_misp_type": "text",
"x_misp_value": "ScanBox"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54eecd53-6ac8-4407-84ba-41a3950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-26T07:37:55.000Z",
"modified": "2015-02-26T07:37:55.000Z",
"description": "Cluster 1",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '1.9.5.38']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-26T07:37:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54eecd53-f488-4268-89e3-4638950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-26T07:37:55.000Z",
"modified": "2015-02-26T07:37:55.000Z",
"description": "Cluster 1",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.255.61.227']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-26T07:37:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54eecd53-c7f0-4ce7-a3ab-4a1c950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-26T07:37:55.000Z",
"modified": "2015-02-26T07:37:55.000Z",
"description": "Cluster 1",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '118.193.153.221']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-26T07:37:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54eecd53-7e5c-4052-bf8b-4f25950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-26T07:37:55.000Z",
"modified": "2015-02-26T07:37:55.000Z",
"description": "Cluster 1",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '118.193.153.227']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-26T07:37:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54eecd53-b41c-4133-9769-4e97950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-26T07:37:55.000Z",
"modified": "2015-02-26T07:37:55.000Z",
"description": "Cluster 1",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '174.121.122.73']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-26T07:37:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54eecd61-9df8-4f1e-a163-4b05950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-26T07:38:09.000Z",
"modified": "2015-02-26T07:38:09.000Z",
"description": "Cluster 1",
"pattern": "[file:hashes.SHA256 = '4639c30b3666cb11b3927d5579790a88bff68e8137f18241f4693e0d4539c608']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-26T07:38:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54eecd62-d410-4b78-a14b-4eec950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-26T07:38:10.000Z",
"modified": "2015-02-26T07:38:10.000Z",
"description": "Cluster 1",
"pattern": "[file:hashes.SHA1 = '809959f390d5a49c8999ad6fff27fdc92ff1b2b0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-26T07:38:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54eecd62-8138-4bef-beb7-4b08950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-26T07:38:10.000Z",
"modified": "2015-02-26T07:38:10.000Z",
"description": "Cluster 1",
"pattern": "[file:hashes.SHA256 = 'ab58b6aa7dcc25d8f6e4b70a24e0ccede0d5f6129df02a9e61293c1d7d7640a2']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-26T07:38:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54eecd62-3a60-4291-a2e9-4402950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-26T07:38:10.000Z",
"modified": "2015-02-26T07:38:10.000Z",
"description": "Cluster 1",
"pattern": "[file:hashes.SHA1 = 'e8a8ffe39040fe36e95217b4e4f1316177d675ed']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-26T07:38:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54eecd77-cd3c-40b2-a248-4a3d950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-26T07:49:09.000Z",
"modified": "2015-02-26T07:49:09.000Z",
"description": "Cluster 1",
"pattern": "[domain-name:value = 'file.googlecaches.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-26T07:49:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54eecd77-38c8-4450-835d-40e6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-26T07:49:09.000Z",
"modified": "2015-02-26T07:49:09.000Z",
"description": "Cluster 1",
"pattern": "[domain-name:value = 'gtm.googlecaches.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-26T07:49:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54eecd77-0b70-4b2f-b226-462f950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-26T07:49:09.000Z",
"modified": "2015-02-26T07:49:09.000Z",
"description": "Cluster 1",
"pattern": "[domain-name:value = 'js.googlewebcache.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-26T07:49:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54eecd77-df34-4d9d-93d8-41eb950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-26T07:49:09.000Z",
"modified": "2015-02-26T07:49:09.000Z",
"description": "Cluster 1",
"pattern": "[domain-name:value = 'owa.outlookssl.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-26T07:49:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54eece6e-02c0-40ac-9fa9-478b950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-26T07:42:38.000Z",
"modified": "2015-02-26T07:42:38.000Z",
"description": "Cluster 2",
"pattern": "[file:hashes.MD5 = '0a9545f9fc7a6d8596cf07a59f400fd3']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-26T07:42:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54eece6e-a6d4-47be-bbbe-4c57950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-26T07:42:38.000Z",
"modified": "2015-02-26T07:42:38.000Z",
"description": "Cluster 2",
"pattern": "[file:hashes.MD5 = '230d8a7a60a07df28a291b13ddf3351f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-26T07:42:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54eece6e-5c20-45e0-9c2c-4702950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-26T07:42:38.000Z",
"modified": "2015-02-26T07:42:38.000Z",
"description": "Cluster 2",
"pattern": "[file:hashes.MD5 = '815db4b8b5935ee0150bb5dd99847fb1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-26T07:42:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54eece6e-7094-4d7b-ab26-4ad6950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-26T07:42:38.000Z",
"modified": "2015-02-26T07:42:38.000Z",
"description": "Cluster 2",
"pattern": "[file:hashes.MD5 = 'd76be14a5e3a6ec45150ad2582f5c1a8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-26T07:42:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54eece85-54b0-4b2e-b57d-dcfc950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-26T07:43:01.000Z",
"modified": "2015-02-26T07:43:01.000Z",
"description": "Cluster 2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '142.4.114.71']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-26T07:43:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54eece85-c748-4a09-9c94-dcfc950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-26T07:43:01.000Z",
"modified": "2015-02-26T07:43:01.000Z",
"description": "Cluster 2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '148.163.29.33']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-26T07:43:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54eece85-71d4-4041-a4ae-dcfc950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-26T07:43:01.000Z",
"modified": "2015-02-26T07:43:01.000Z",
"description": "Cluster 2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '180.210.206.246']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-26T07:43:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54eece85-605c-4336-85e9-dcfc950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-26T07:43:01.000Z",
"modified": "2015-02-26T07:43:01.000Z",
"description": "Cluster 2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.199.254.126']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-26T07:43:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54eece85-45e4-4e79-9332-dcfc950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-26T07:43:01.000Z",
"modified": "2015-02-26T07:43:01.000Z",
"description": "Cluster 2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '199.36.75.153']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-26T07:43:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54eece85-24dc-4518-abfc-dcfc950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-26T07:43:01.000Z",
"modified": "2015-02-26T07:43:01.000Z",
"description": "Cluster 2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '210.209.86.156']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-26T07:43:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--54eece85-58fc-4031-b907-dcfc950d210b",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2015-02-26T07:43:01.000Z",
"modified": "2015-02-26T07:43:01.000Z",
"description": "Cluster 2",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '211.230.147.30']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2015-02-26T07:43:01Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54eece86-b8cc-4d7e-bac9-dcfc950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:43:02.000Z",
|
||
|
"modified": "2015-02-26T07:43:02.000Z",
|
||
|
"description": "Cluster 2",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.240.147.30']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-02-26T07:43:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54eece86-b8bc-4a99-a41d-dcfc950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:43:02.000Z",
|
||
|
"modified": "2015-02-26T07:43:02.000Z",
|
||
|
"description": "Cluster 2",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '216.99.147.30']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-02-26T07:43:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54eece86-ae68-4781-be83-dcfc950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:43:02.000Z",
|
||
|
"modified": "2015-02-26T07:43:02.000Z",
|
||
|
"description": "Cluster 2",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.226.65.219']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-02-26T07:43:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54eece86-ac80-4097-bc50-dcfc950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:43:02.000Z",
|
||
|
"modified": "2015-02-26T07:43:02.000Z",
|
||
|
"description": "Cluster 2",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '96.44.179.236']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-02-26T07:43:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54eece86-9ddc-46ca-820d-dcfc950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:43:02.000Z",
|
||
|
"modified": "2015-02-26T07:43:02.000Z",
|
||
|
"description": "Cluster 2",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.160.173.114']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-02-26T07:43:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54eed06a-4b10-42b2-b2a1-447f950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:51:06.000Z",
|
||
|
"modified": "2015-02-26T07:51:06.000Z",
|
||
|
"description": "Cluster 2",
|
||
|
"pattern": "[domain-name:value = '77xi.xxuz.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-02-26T07:51:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54eed06a-7394-41c1-a127-4947950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:51:06.000Z",
|
||
|
"modified": "2015-02-26T07:51:06.000Z",
|
||
|
"description": "Cluster 2",
|
||
|
"pattern": "[domain-name:value = 'bisononthevinayerd.org']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-02-26T07:51:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54eed06a-0364-4434-8200-4c57950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:51:06.000Z",
|
||
|
"modified": "2015-02-26T07:51:06.000Z",
|
||
|
"description": "Cluster 2",
|
||
|
"pattern": "[domain-name:value = 'chubb.4pu.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-02-26T07:51:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54eed06a-fd34-41f6-b77a-4eee950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:51:06.000Z",
|
||
|
"modified": "2015-02-26T07:51:06.000Z",
|
||
|
"description": "Cluster 2",
|
||
|
"pattern": "[domain-name:value = 'down.whatwhowhat.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-02-26T07:51:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54eed06a-a408-4762-8523-47cb950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:51:06.000Z",
|
||
|
"modified": "2015-02-26T07:51:06.000Z",
|
||
|
"description": "Cluster 2",
|
||
|
"pattern": "[domain-name:value = 'fp.whatwhowhat.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-02-26T07:51:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54eed06b-7cc0-40e4-806f-4a40950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:51:07.000Z",
|
||
|
"modified": "2015-02-26T07:51:07.000Z",
|
||
|
"description": "Cluster 2",
|
||
|
"pattern": "[domain-name:value = 'ftp.whatwhowhat.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-02-26T07:51:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54eed06b-8408-442c-b5d2-44ad950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:51:07.000Z",
|
||
|
"modified": "2015-02-26T07:51:07.000Z",
|
||
|
"description": "Cluster 2",
|
||
|
"pattern": "[domain-name:value = 'generalatomic.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-02-26T07:51:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54eed06b-8720-48ca-ba15-4188950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:51:07.000Z",
|
||
|
"modified": "2015-02-26T07:51:07.000Z",
|
||
|
"description": "Cluster 2",
|
||
|
"pattern": "[domain-name:value = 'infotechnew.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-02-26T07:51:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54eed06b-6098-49d4-92cd-436c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:51:07.000Z",
|
||
|
"modified": "2015-02-26T07:51:07.000Z",
|
||
|
"description": "Cluster 2",
|
||
|
"pattern": "[domain-name:value = 'kor.whatwhowhat.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-02-26T07:51:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54eed06b-040c-4b7f-8545-458e950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:51:07.000Z",
|
||
|
"modified": "2015-02-26T07:51:07.000Z",
|
||
|
"description": "Cluster 2",
|
||
|
"pattern": "[domain-name:value = 'linde-boc.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-02-26T07:51:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54eed06b-596c-4106-9151-4b80950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:51:07.000Z",
|
||
|
"modified": "2015-02-26T07:51:07.000Z",
|
||
|
"description": "Cluster 2",
|
||
|
"pattern": "[domain-name:value = 'mail.generalatomic.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-02-26T07:51:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54eed06b-ac4c-4cd3-a775-4f1c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:51:07.000Z",
|
||
|
"modified": "2015-02-26T07:51:07.000Z",
|
||
|
"description": "Cluster 2",
|
||
|
"pattern": "[domain-name:value = 'mail.whatwhowhat.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-02-26T07:51:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54eed06b-dc84-4248-b0a4-4e08950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:51:07.000Z",
|
||
|
"modified": "2015-02-26T07:51:07.000Z",
|
||
|
"description": "Cluster 2",
|
||
|
"pattern": "[domain-name:value = 'microscft.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-02-26T07:51:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54eed06b-21d0-4caa-b1e0-479d950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:51:07.000Z",
|
||
|
"modified": "2015-02-26T07:51:07.000Z",
|
||
|
"description": "Cluster 2",
|
||
|
"pattern": "[domain-name:value = 'msdn.microscft.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-02-26T07:51:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54eed06b-77c4-4d2f-9ad5-4b15950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:51:07.000Z",
|
||
|
"modified": "2015-02-26T07:51:07.000Z",
|
||
|
"description": "Cluster 2",
|
||
|
"pattern": "[domain-name:value = 'news.hudsononlinenews.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-02-26T07:51:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54eed06c-9f40-4510-a2ce-414d950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:51:08.000Z",
|
||
|
"modified": "2015-02-26T07:51:08.000Z",
|
||
|
"description": "Cluster 2",
|
||
|
"pattern": "[domain-name:value = 'oglobo-globo.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-02-26T07:51:08Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54eed06c-99c8-4e6b-853c-4771950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:51:08.000Z",
|
||
|
"modified": "2015-02-26T07:51:08.000Z",
|
||
|
"description": "Cluster 2",
|
||
|
"pattern": "[domain-name:value = 'packbot.org']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-02-26T07:51:08Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54eed06c-db30-447f-98c5-441b950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:51:08.000Z",
|
||
|
"modified": "2015-02-26T07:51:08.000Z",
|
||
|
"description": "Cluster 2",
|
||
|
"pattern": "[domain-name:value = 'pop.microscft.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-02-26T07:51:08Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54eed06c-2d94-4024-8827-4f97950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:51:08.000Z",
|
||
|
"modified": "2015-02-26T07:51:08.000Z",
|
||
|
"description": "Cluster 2",
|
||
|
"pattern": "[domain-name:value = 'pop3.microscft.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-02-26T07:51:08Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54eed06c-8638-404d-a87a-4764950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:51:08.000Z",
|
||
|
"modified": "2015-02-26T07:51:08.000Z",
|
||
|
"description": "Cluster 2",
|
||
|
"pattern": "[domain-name:value = 'realgamehouse.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-02-26T07:51:08Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54eed06c-e6b4-4ee0-94c8-4b57950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:51:08.000Z",
|
||
|
"modified": "2015-02-26T07:51:08.000Z",
|
||
|
"description": "Cluster 2",
|
||
|
"pattern": "[domain-name:value = 'sharepoint-vaeit.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-02-26T07:51:08Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54eed06c-eb40-4956-90ab-41b5950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:51:08.000Z",
|
||
|
"modified": "2015-02-26T07:51:08.000Z",
|
||
|
"description": "Cluster 2",
|
||
|
"pattern": "[domain-name:value = 'smtp.microscft.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-02-26T07:51:08Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54eed06c-b940-41bf-895a-4a6a950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:51:08.000Z",
|
||
|
"modified": "2015-02-26T07:51:08.000Z",
|
||
|
"description": "Cluster 2",
|
||
|
"pattern": "[domain-name:value = 'ssl-vaeit.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-02-26T07:51:08Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54eed06c-49b8-4f8e-bea7-4313950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:51:08.000Z",
|
||
|
"modified": "2015-02-26T07:51:08.000Z",
|
||
|
"description": "Cluster 2",
|
||
|
"pattern": "[domain-name:value = 'topsec2014.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-02-26T07:51:08Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54eed06c-9ad8-4e5d-b821-4f3c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:51:08.000Z",
|
||
|
"modified": "2015-02-26T07:51:08.000Z",
|
||
|
"description": "Cluster 2",
|
||
|
"pattern": "[domain-name:value = 'update.jkub.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-02-26T07:51:08Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54eed06d-1e20-46b6-b0f6-4be2950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:51:09.000Z",
|
||
|
"modified": "2015-02-26T07:51:09.000Z",
|
||
|
"description": "Cluster 2",
|
||
|
"pattern": "[domain-name:value = 'whatwhowhat.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-02-26T07:51:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54eed06d-5068-49c5-a39f-4c4c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:51:09.000Z",
|
||
|
"modified": "2015-02-26T07:51:09.000Z",
|
||
|
"description": "Cluster 2",
|
||
|
"pattern": "[domain-name:value = 'wiki-vaeit.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-02-26T07:51:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54eed06d-7e80-44d7-b2e3-4b07950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:51:09.000Z",
|
||
|
"modified": "2015-02-26T07:51:09.000Z",
|
||
|
"description": "Cluster 2",
|
||
|
"pattern": "[domain-name:value = 'www.bisononthevinayerd.org']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-02-26T07:51:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54eed06d-c92c-4db2-aec4-494a950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:51:09.000Z",
|
||
|
"modified": "2015-02-26T07:51:09.000Z",
|
||
|
"description": "Cluster 2",
|
||
|
"pattern": "[domain-name:value = 'www.linde-boc.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-02-26T07:51:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54eed06d-7210-42b5-9945-44f4950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:51:09.000Z",
|
||
|
"modified": "2015-02-26T07:51:09.000Z",
|
||
|
"description": "Cluster 2",
|
||
|
"pattern": "[domain-name:value = 'www.microscft.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-02-26T07:51:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54eed06d-19c4-4b63-9da0-4281950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:51:09.000Z",
|
||
|
"modified": "2015-02-26T07:51:09.000Z",
|
||
|
"description": "Cluster 2",
|
||
|
"pattern": "[domain-name:value = 'www.sharepoint-vaeit.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-02-26T07:51:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54eed06d-f428-4c6e-b8b4-4c52950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:51:09.000Z",
|
||
|
"modified": "2015-02-26T07:51:09.000Z",
|
||
|
"description": "Cluster 2",
|
||
|
"pattern": "[domain-name:value = 'www.ssl-vaeit.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-02-26T07:51:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54eed06d-3dd0-451e-90ed-4709950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:51:09.000Z",
|
||
|
"modified": "2015-02-26T07:51:09.000Z",
|
||
|
"description": "Cluster 2",
|
||
|
"pattern": "[domain-name:value = 'www.wiki-vaeit.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-02-26T07:51:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--54eed0b2-e270-4773-8d42-4b67950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:52:18.000Z",
|
||
|
"modified": "2015-02-26T07:52:18.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"Attribution\""
|
||
|
],
|
||
|
"x_misp_category": "Attribution",
|
||
|
"x_misp_comment": "Cluster 2. Registrant.",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "topsec_2014@163.com"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--54eed0b2-012c-4f06-810c-4eff950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:52:18.000Z",
|
||
|
"modified": "2015-02-26T07:52:18.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"Attribution\""
|
||
|
],
|
||
|
"x_misp_category": "Attribution",
|
||
|
"x_misp_comment": "Cluster 2. Registrant.",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "qw20140723@sina.com"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--54eed0b3-5ca8-4342-bf7c-4262950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:52:19.000Z",
|
||
|
"modified": "2015-02-26T07:52:19.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"Attribution\""
|
||
|
],
|
||
|
"x_misp_category": "Attribution",
|
||
|
"x_misp_comment": "Cluster 2. Registrant.",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "involveeptrk@gmail.com"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--54eed0b3-19a4-4bae-b2e6-4af7950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:52:19.000Z",
|
||
|
"modified": "2015-02-26T07:52:19.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"Attribution\""
|
||
|
],
|
||
|
"x_misp_category": "Attribution",
|
||
|
"x_misp_comment": "Cluster 2. Registrant.",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "jonesjack477@yahoo.com"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--54eed0b3-08b4-4f72-b926-4bb3950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:52:19.000Z",
|
||
|
"modified": "2015-02-26T07:52:19.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"Attribution\""
|
||
|
],
|
||
|
"x_misp_category": "Attribution",
|
||
|
"x_misp_comment": "Cluster 2. Registrant.",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "globo_o@yahoo.com"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--54eed0b3-cf3c-4751-bc45-4a48950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:52:19.000Z",
|
||
|
"modified": "2015-02-26T07:52:19.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"Attribution\""
|
||
|
],
|
||
|
"x_misp_category": "Attribution",
|
||
|
"x_misp_comment": "Cluster 2. Registrant.",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "galatomic@yahoo.com"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--54eed0b3-0000-4b3b-ac41-45fc950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:52:19.000Z",
|
||
|
"modified": "2015-02-26T07:52:19.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"Attribution\""
|
||
|
],
|
||
|
"x_misp_category": "Attribution",
|
||
|
"x_misp_comment": "Cluster 2. Registrant.",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "evaaliaf@yahoo.com"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--54eed0b3-94d4-4549-b7d3-42b8950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:52:19.000Z",
|
||
|
"modified": "2015-02-26T07:52:19.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"Attribution\""
|
||
|
],
|
||
|
"x_misp_category": "Attribution",
|
||
|
"x_misp_comment": "Cluster 2. Registrant.",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "EwibAFNxEe@gmx.com"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--54eed0b3-e694-4887-aa2e-43bd950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:52:19.000Z",
|
||
|
"modified": "2015-02-26T07:52:19.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"Attribution\""
|
||
|
],
|
||
|
"x_misp_category": "Attribution",
|
||
|
"x_misp_comment": "Cluster 2. Registrant.",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "ctoeszahwhtcef@sina.cn"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--54eed0b3-1e9c-439e-b82b-481c950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:52:19.000Z",
|
||
|
"modified": "2015-02-26T07:52:19.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"Attribution\""
|
||
|
],
|
||
|
"x_misp_category": "Attribution",
|
||
|
"x_misp_comment": "Cluster 2. Registrant.",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "aarwcsyhfb@gmx.com"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--54eed0b3-c054-4cc7-86f2-49c3950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:52:19.000Z",
|
||
|
"modified": "2015-02-26T07:52:19.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"text\"",
|
||
|
"misp:category=\"Attribution\""
|
||
|
],
|
||
|
"x_misp_category": "Attribution",
|
||
|
"x_misp_comment": "Cluster 2. Registrant.",
|
||
|
"x_misp_type": "text",
|
||
|
"x_misp_value": "allunking@outlook.com"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54eed113-2ac4-4d25-b3a7-4c4f950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:53:55.000Z",
|
||
|
"modified": "2015-02-26T07:53:55.000Z",
|
||
|
"description": "Cluster 4",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '122.10.10.161']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-02-26T07:53:55Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54eed113-bca4-43d1-9b3a-42e0950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:53:55.000Z",
|
||
|
"modified": "2015-02-26T07:53:55.000Z",
|
||
|
"description": "Cluster 4",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '204.152.199.43']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-02-26T07:53:55Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54eed113-7c2c-4e51-b6b5-47ac950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:53:55.000Z",
|
||
|
"modified": "2015-02-26T07:53:55.000Z",
|
||
|
"description": "Cluster 4",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '50.2.24.211']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-02-26T07:53:55Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54eed113-e92c-4a6c-888c-44b0950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:53:55.000Z",
|
||
|
"modified": "2015-02-26T07:53:55.000Z",
|
||
|
"description": "Cluster 4",
|
||
|
"pattern": "[domain-name:value = 'bak.mailaunch.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-02-26T07:53:55Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54eed113-3364-44ae-80ff-4291950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:53:55.000Z",
|
||
|
"modified": "2015-02-26T07:53:55.000Z",
|
||
|
"description": "Cluster 4",
|
||
|
"pattern": "[file:hashes.SHA1 = 'f1890cc9d6dc84021426834063394539414f68d8']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-02-26T07:53:55Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--54eed113-66ec-471a-8c52-4039950d210b",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2015-02-26T07:53:55.000Z",
|
||
|
"modified": "2015-02-26T07:53:55.000Z",
|
||
|
"description": "Cluster 4",
|
||
|
"pattern": "[domain-name:value = 'us-mg6.mail.yahoo.mailaunch.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2015-02-26T07:53:55Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56c65608-90e0-4817-a526-599c950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-18T23:38:48.000Z",
|
||
|
"modified": "2016-02-18T23:38:48.000Z",
|
||
|
"description": "Automatically added (via f1890cc9d6dc84021426834063394539414f68d8)",
|
||
|
"pattern": "[file:hashes.MD5 = 'be3a3daa7d0d11df2380d3401696624a']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-18T23:38:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56c6560a-2ce0-4424-b699-599c950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-18T23:38:50.000Z",
|
||
|
"modified": "2016-02-18T23:38:50.000Z",
|
||
|
"description": "Automatically added (via e8a8ffe39040fe36e95217b4e4f1316177d675ed)",
|
||
|
"pattern": "[file:hashes.MD5 = 'ef498ea09bf51b002fc7eb3dfd0d19d3']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-18T23:38:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56c6560b-e72c-49f5-8eb8-c651950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-18T23:38:51.000Z",
|
||
|
"modified": "2016-02-18T23:38:51.000Z",
|
||
|
"description": "Automatically added (via 809959f390d5a49c8999ad6fff27fdc92ff1b2b0)",
|
||
|
"pattern": "[file:hashes.MD5 = '9cf5523da799277a4d40881199eb8325']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-18T23:38:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56c65604-90ac-4fac-b81b-c653950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-18T23:38:44.000Z",
|
||
|
"modified": "2016-02-18T23:38:44.000Z",
|
||
|
"description": "Automatically added (via 230d8a7a60a07df28a291b13ddf3351f)",
|
||
|
"pattern": "[file:hashes.SHA1 = 'de71fd21781ae1eed0dbba6bf915a65cc4c0f984']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-18T23:38:44Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56c65606-a570-41a5-a515-599e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-18T23:38:46.000Z",
|
||
|
"modified": "2016-02-18T23:38:46.000Z",
|
||
|
"description": "Automatically added (via 0a9545f9fc7a6d8596cf07a59f400fd3)",
|
||
|
"pattern": "[file:hashes.SHA1 = '0559cf194ec7c750966cb277348ef4278bde9cea']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-18T23:38:46Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56c65605-fa14-45c5-9a6e-59a1950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-18T23:38:45.000Z",
|
||
|
"modified": "2016-02-18T23:38:45.000Z",
|
||
|
"description": "Automatically added (via 230d8a7a60a07df28a291b13ddf3351f)",
|
||
|
"pattern": "[file:hashes.SHA256 = 'd4be6c9117db9de21138ae26d1d0c3cfb38fd7a19fa07c828731fa2ac756ef8d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-18T23:38:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56c65607-29c0-41d1-8dfc-c652950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-18T23:38:47.000Z",
|
||
|
"modified": "2016-02-18T23:38:47.000Z",
|
||
|
"description": "Automatically added (via 0a9545f9fc7a6d8596cf07a59f400fd3)",
|
||
|
"pattern": "[file:hashes.SHA256 = '77421106548e69e9666c538ad628918cad7cfcf8f6aa7825f71a4fc39e522a7d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-18T23:38:47Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--56c65609-00a8-447c-948b-c651950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2016-02-18T23:38:49.000Z",
|
||
|
"modified": "2016-02-18T23:38:49.000Z",
|
||
|
"description": "Automatically added (via f1890cc9d6dc84021426834063394539414f68d8)",
|
||
|
"pattern": "[file:hashes.SHA256 = '3112420afeb829a575ba46512314c0fab2fc80870c153de35cde4d3140a2dd26']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2016-02-18T23:38:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "marking-definition",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
|
||
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
"definition_type": "tlp",
|
||
|
"name": "TLP:GREEN",
|
||
|
"definition": {
|
||
|
"tlp": "green"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}
|