{
"type": "bundle",
"id": "bundle--5a4c9342-6d0c-43af-bd8d-45ae950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:13.000Z",
"modified": "2018-01-03T21:00:13.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "grouping",
"spec_version": "2.1",
"id": "grouping--5a4c9342-6d0c-43af-bd8d-45ae950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:13.000Z",
"modified": "2018-01-03T21:00:13.000Z",
"name": "M2M - GlobeImposter \"..doc\" 2017-12-26 :\n \"CCE26122017_001234\" - \"CCE26122017_001234.7z\"",
"context": "suspicious-activity",
"object_refs": [
"indicator--5a4c9343-40f0-4ce2-846b-4111950d210f",
"indicator--5a4c9345-3f4c-4a63-99b7-4cfa950d210f",
"observed-data--5a4c9346-90d8-4eb0-ac57-4a2f950d210f",
"network-traffic--5a4c9346-90d8-4eb0-ac57-4a2f950d210f",
"ipv4-addr--5a4c9346-90d8-4eb0-ac57-4a2f950d210f",
"indicator--5a4c9349-a040-499f-a47c-4dbf950d210f",
"observed-data--5a4c934c-dbc0-4caf-9085-46fe950d210f",
"network-traffic--5a4c934c-dbc0-4caf-9085-46fe950d210f",
"ipv4-addr--5a4c934c-dbc0-4caf-9085-46fe950d210f",
"indicator--5a4c934e-e494-4d21-b6e2-4781950d210f",
"observed-data--5a4c934f-4970-45ca-be63-4040950d210f",
"network-traffic--5a4c934f-4970-45ca-be63-4040950d210f",
"ipv4-addr--5a4c934f-4970-45ca-be63-4040950d210f",
"indicator--5a4c9351-b7c8-4acd-bd78-41d4950d210f",
"observed-data--5a4c9354-e4fc-4246-bed3-42c1950d210f",
"network-traffic--5a4c9354-e4fc-4246-bed3-42c1950d210f",
"ipv4-addr--5a4c9354-e4fc-4246-bed3-42c1950d210f",
"indicator--5a4c9357-0ae8-48ca-ab7c-4711950d210f",
"observed-data--5a4c935d-1f14-4ceb-8023-41e8950d210f",
"network-traffic--5a4c935d-1f14-4ceb-8023-41e8950d210f",
"ipv4-addr--5a4c935d-1f14-4ceb-8023-41e8950d210f",
"indicator--5a4c9360-daf8-4fda-b153-4cbf950d210f",
"observed-data--5a4c9361-0bf8-4741-966e-4f75950d210f",
"network-traffic--5a4c9361-0bf8-4741-966e-4f75950d210f",
"ipv4-addr--5a4c9361-0bf8-4741-966e-4f75950d210f",
"indicator--5a4c9363-b514-49be-ba68-4a1f950d210f",
"observed-data--5a4c9365-9ad4-4148-a48f-4263950d210f",
"network-traffic--5a4c9365-9ad4-4148-a48f-4263950d210f",
"ipv4-addr--5a4c9365-9ad4-4148-a48f-4263950d210f",
"indicator--5a4c9366-4e2c-49e4-8f54-4a64950d210f",
"indicator--5a4c9369-9360-4f29-b2be-46c9950d210f",
"observed-data--5a4c936b-a718-4cac-8d9b-4372950d210f",
"network-traffic--5a4c936b-a718-4cac-8d9b-4372950d210f",
"ipv4-addr--5a4c936b-a718-4cac-8d9b-4372950d210f",
"indicator--5a4c936d-a89c-4d5d-aeb8-409a950d210f",
"indicator--5a4c936f-56bc-426e-82b3-4424950d210f",
"observed-data--5a4c9371-7718-4100-a2fd-4691950d210f",
"network-traffic--5a4c9371-7718-4100-a2fd-4691950d210f",
"ipv4-addr--5a4c9371-7718-4100-a2fd-4691950d210f",
"indicator--ec0a50d0-04a4-4d78-8733-2db510b2b341",
"x-misp-object--30fa5596-8179-4698-9b89-737ed09681d2",
"relationship--92684dd1-db4d-4068-b4ac-a7605c6f8be0"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:ransomware=\"Fake Globe Ransomware\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a4c9343-40f0-4ce2-846b-4111950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T08:24:35.000Z",
"modified": "2018-01-03T08:24:35.000Z",
"pattern": "[file:hashes.MD5 = '2ca016fa98dd5227625befe9edfaba98']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T08:24:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Payload delivery"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a4c9345-3f4c-4a63-99b7-4cfa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:05.000Z",
"modified": "2018-01-03T21:00:05.000Z",
"pattern": "[domain-name:value = 'www.caynannews.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T21:00:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a4c9346-90d8-4eb0-ac57-4a2f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:05.000Z",
"modified": "2018-01-03T21:00:05.000Z",
"first_observed": "2018-01-03T21:00:05Z",
"last_observed": "2018-01-03T21:00:05Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a4c9346-90d8-4eb0-ac57-4a2f950d210f",
"ipv4-addr--5a4c9346-90d8-4eb0-ac57-4a2f950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a4c9346-90d8-4eb0-ac57-4a2f950d210f",
"dst_ref": "ipv4-addr--5a4c9346-90d8-4eb0-ac57-4a2f950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a4c9346-90d8-4eb0-ac57-4a2f950d210f",
"value": "213.168.251.122"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a4c9349-a040-499f-a47c-4dbf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:05.000Z",
"modified": "2018-01-03T21:00:05.000Z",
"pattern": "[domain-name:value = 'www.pspmagic.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T21:00:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a4c934c-dbc0-4caf-9085-46fe950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:05.000Z",
"modified": "2018-01-03T21:00:05.000Z",
"first_observed": "2018-01-03T21:00:05Z",
"last_observed": "2018-01-03T21:00:05Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a4c934c-dbc0-4caf-9085-46fe950d210f",
"ipv4-addr--5a4c934c-dbc0-4caf-9085-46fe950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a4c934c-dbc0-4caf-9085-46fe950d210f",
"dst_ref": "ipv4-addr--5a4c934c-dbc0-4caf-9085-46fe950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a4c934c-dbc0-4caf-9085-46fe950d210f",
"value": "185.181.116.171"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a4c934e-e494-4d21-b6e2-4781950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:05.000Z",
"modified": "2018-01-03T21:00:05.000Z",
"pattern": "[domain-name:value = 'www.software24x7.us']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T21:00:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a4c934f-4970-45ca-be63-4040950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:05.000Z",
"modified": "2018-01-03T21:00:05.000Z",
"first_observed": "2018-01-03T21:00:05Z",
"last_observed": "2018-01-03T21:00:05Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a4c934f-4970-45ca-be63-4040950d210f",
"ipv4-addr--5a4c934f-4970-45ca-be63-4040950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a4c934f-4970-45ca-be63-4040950d210f",
"dst_ref": "ipv4-addr--5a4c934f-4970-45ca-be63-4040950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a4c934f-4970-45ca-be63-4040950d210f",
"value": "67.59.136.100"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a4c9351-b7c8-4acd-bd78-41d4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:05.000Z",
"modified": "2018-01-03T21:00:05.000Z",
"pattern": "[domain-name:value = 'www.ta-pu.ir']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T21:00:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a4c9354-e4fc-4246-bed3-42c1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:05.000Z",
"modified": "2018-01-03T21:00:05.000Z",
"first_observed": "2018-01-03T21:00:05Z",
"last_observed": "2018-01-03T21:00:05Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a4c9354-e4fc-4246-bed3-42c1950d210f",
"ipv4-addr--5a4c9354-e4fc-4246-bed3-42c1950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a4c9354-e4fc-4246-bed3-42c1950d210f",
"dst_ref": "ipv4-addr--5a4c9354-e4fc-4246-bed3-42c1950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a4c9354-e4fc-4246-bed3-42c1950d210f",
"value": "164.215.130.66"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a4c9357-0ae8-48ca-ab7c-4711950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:05.000Z",
"modified": "2018-01-03T21:00:05.000Z",
"pattern": "[domain-name:value = 'www.thedournalist.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T21:00:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a4c935d-1f14-4ceb-8023-41e8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:05.000Z",
"modified": "2018-01-03T21:00:05.000Z",
"first_observed": "2018-01-03T21:00:05Z",
"last_observed": "2018-01-03T21:00:05Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a4c935d-1f14-4ceb-8023-41e8950d210f",
"ipv4-addr--5a4c935d-1f14-4ceb-8023-41e8950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a4c935d-1f14-4ceb-8023-41e8950d210f",
"dst_ref": "ipv4-addr--5a4c935d-1f14-4ceb-8023-41e8950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a4c935d-1f14-4ceb-8023-41e8950d210f",
"value": "86.106.30.37"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a4c9360-daf8-4fda-b153-4cbf950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:05.000Z",
"modified": "2018-01-03T21:00:05.000Z",
"pattern": "[domain-name:value = 'www.trafik-site.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T21:00:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a4c9361-0bf8-4741-966e-4f75950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:05.000Z",
"modified": "2018-01-03T21:00:05.000Z",
"first_observed": "2018-01-03T21:00:05Z",
"last_observed": "2018-01-03T21:00:05Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a4c9361-0bf8-4741-966e-4f75950d210f",
"ipv4-addr--5a4c9361-0bf8-4741-966e-4f75950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a4c9361-0bf8-4741-966e-4f75950d210f",
"dst_ref": "ipv4-addr--5a4c9361-0bf8-4741-966e-4f75950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a4c9361-0bf8-4741-966e-4f75950d210f",
"value": "31.31.196.247"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a4c9363-b514-49be-ba68-4a1f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:05.000Z",
"modified": "2018-01-03T21:00:05.000Z",
"pattern": "[domain-name:value = 'www.zhaksylyk.kz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T21:00:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a4c9365-9ad4-4148-a48f-4263950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:05.000Z",
"modified": "2018-01-03T21:00:05.000Z",
"first_observed": "2018-01-03T21:00:05Z",
"last_observed": "2018-01-03T21:00:05Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a4c9365-9ad4-4148-a48f-4263950d210f",
"ipv4-addr--5a4c9365-9ad4-4148-a48f-4263950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a4c9365-9ad4-4148-a48f-4263950d210f",
"dst_ref": "ipv4-addr--5a4c9365-9ad4-4148-a48f-4263950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a4c9365-9ad4-4148-a48f-4263950d210f",
"value": "185.98.7.180"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a4c9366-4e2c-49e4-8f54-4a64950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:05.000Z",
"modified": "2018-01-03T21:00:05.000Z",
"pattern": "[url:value = 'https://topyzscsu5poprxy.onion.link/shfgealjh.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T21:00:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a4c9369-9360-4f29-b2be-46c9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:05.000Z",
"modified": "2018-01-03T21:00:05.000Z",
"pattern": "[domain-name:value = 'topyzscsu5poprxy.onion.link']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T21:00:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a4c936b-a718-4cac-8d9b-4372950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:05.000Z",
"modified": "2018-01-03T21:00:05.000Z",
"first_observed": "2018-01-03T21:00:05Z",
"last_observed": "2018-01-03T21:00:05Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a4c936b-a718-4cac-8d9b-4372950d210f",
"ipv4-addr--5a4c936b-a718-4cac-8d9b-4372950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a4c936b-a718-4cac-8d9b-4372950d210f",
"dst_ref": "ipv4-addr--5a4c936b-a718-4cac-8d9b-4372950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a4c936b-a718-4cac-8d9b-4372950d210f",
"value": "103.198.0.2"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a4c936d-a89c-4d5d-aeb8-409a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:05.000Z",
"modified": "2018-01-03T21:00:05.000Z",
"pattern": "[url:value = 'http://psoeiras.net/js/count.php?nu=105&fb=110']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T21:00:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a4c936f-56bc-426e-82b3-4424950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:05.000Z",
"modified": "2018-01-03T21:00:05.000Z",
"pattern": "[domain-name:value = 'psoeiras.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T21:00:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a4c9371-7718-4100-a2fd-4691950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:05.000Z",
"modified": "2018-01-03T21:00:05.000Z",
"first_observed": "2018-01-03T21:00:05Z",
"last_observed": "2018-01-03T21:00:05Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a4c9371-7718-4100-a2fd-4691950d210f",
"ipv4-addr--5a4c9371-7718-4100-a2fd-4691950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a4c9371-7718-4100-a2fd-4691950d210f",
"dst_ref": "ipv4-addr--5a4c9371-7718-4100-a2fd-4691950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a4c9371-7718-4100-a2fd-4691950d210f",
"value": "74.220.219.67"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--ec0a50d0-04a4-4d78-8733-2db510b2b341",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:08.000Z",
"modified": "2018-01-03T21:00:08.000Z",
"pattern": "[file:hashes.MD5 = '2ca016fa98dd5227625befe9edfaba98' AND file:hashes.SHA1 = 'd0e9dea7f6bf547d854573dd03b6fbeaa1965752' AND file:hashes.SHA256 = '3a9d5976fbf41daf80f0eb9e6b7aadcece52a82fe9609984ef7f8ea166048547']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-03T21:00:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "file"
}
],
"labels": [
"misp:name=\"file\"",
"misp:meta-category=\"file\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-object",
"spec_version": "2.1",
"id": "x-misp-object--30fa5596-8179-4698-9b89-737ed09681d2",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2018-01-03T21:00:06.000Z",
"modified": "2018-01-03T21:00:06.000Z",
"labels": [
"misp:name=\"virustotal-report\"",
"misp:meta-category=\"misc\""
],
"x_misp_attributes": [
{
"type": "link",
"object_relation": "permalink",
"value": "https://www.virustotal.com/file/3a9d5976fbf41daf80f0eb9e6b7aadcece52a82fe9609984ef7f8ea166048547/analysis/1514940489/",
"category": "External analysis",
"uuid": "5a4d4456-62d8-4896-b384-42ce02de0b81"
},
{
"type": "text",
"object_relation": "detection-ratio",
"value": "45/68",
"category": "Other",
"uuid": "5a4d4456-6f60-47f3-bf38-412d02de0b81"
},
{
"type": "datetime",
"object_relation": "last-submission",
"value": "2018-01-03 00:48:09",
"category": "Other",
"uuid": "5a4d4456-7360-4315-8aa6-4f9c02de0b81"
}
],
"x_misp_meta_category": "misc",
"x_misp_name": "virustotal-report"
},
{
"type": "relationship",
"spec_version": "2.1",
"id": "relationship--92684dd1-db4d-4068-b4ac-a7605c6f8be0",
"created": "2018-01-03T21:00:06.000Z",
"modified": "2018-01-03T21:00:06.000Z",
"relationship_type": "analysed-with",
"source_ref": "indicator--ec0a50d0-04a4-4d78-8733-2db510b2b341",
"target_ref": "x-misp-object--30fa5596-8179-4698-9b89-737ed09681d2"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}