|
{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--593e830b-a7e0-481c-b1a1-4390950d210f",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T13:07:09.000Z",
|
||
|
"modified": "2017-06-12T13:07:09.000Z",
|
||
|
"name": "CIRCL",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--593e830b-a7e0-481c-b1a1-4390950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T13:07:09.000Z",
|
||
|
"modified": "2017-06-12T13:07:09.000Z",
|
||
|
"name": "M2M - Trickbot 2017-06-12 : mac1 : Facture N 1234 du 12/06/2017 - \"FACTURE_1234.zip\"",
|
||
|
"published": "2017-06-12T13:09:13Z",
|
||
|
"object_refs": [
|
||
|
"indicator--593e830c-0140-4e3b-94b4-49a4950d210f",
|
||
|
"indicator--593e830c-f05c-4cf3-83b7-441b950d210f",
|
||
|
"indicator--593e830d-f804-4c3f-9d24-4fdf950d210f",
|
||
|
"indicator--593e830d-9734-49e5-a767-48e1950d210f",
|
||
|
"observed-data--593e830e-f474-48b6-8db4-4069950d210f",
|
||
|
"network-traffic--593e830e-f474-48b6-8db4-4069950d210f",
|
||
|
"ipv4-addr--593e830e-f474-48b6-8db4-4069950d210f",
|
||
|
"indicator--593e830e-f1bc-4b39-a3d1-411d950d210f",
|
||
|
"indicator--593e830f-9ad8-44dc-93a5-459f950d210f",
|
||
|
"observed-data--593e8314-a65c-4ac9-a9e4-426b950d210f",
|
||
|
"network-traffic--593e8314-a65c-4ac9-a9e4-426b950d210f",
|
||
|
"ipv4-addr--593e8314-a65c-4ac9-a9e4-426b950d210f",
|
||
|
"indicator--593e8314-095c-4451-bb76-47ae950d210f",
|
||
|
"indicator--593e8315-aac0-4fa2-9321-4f0b950d210f",
|
||
|
"observed-data--593e8315-4c74-4b39-b32b-4e17950d210f",
|
||
|
"network-traffic--593e8315-4c74-4b39-b32b-4e17950d210f",
|
||
|
"ipv4-addr--593e8315-4c74-4b39-b32b-4e17950d210f",
|
||
|
"indicator--593e8316-7b40-4e13-ab97-4103950d210f",
|
||
|
"indicator--593e8316-826c-42f7-abaa-4902950d210f",
|
||
|
"observed-data--593e8317-dcf4-4dc3-b749-416d950d210f",
|
||
|
"network-traffic--593e8317-dcf4-4dc3-b749-416d950d210f",
|
||
|
"ipv4-addr--593e8317-dcf4-4dc3-b749-416d950d210f",
|
||
|
"indicator--593e8317-9470-468e-93a9-450e950d210f",
|
||
|
"indicator--593e8318-5c2c-4445-af0d-435e950d210f",
|
||
|
"observed-data--593e8318-6d78-4350-9c33-49a2950d210f",
|
||
|
"network-traffic--593e8318-6d78-4350-9c33-49a2950d210f",
|
||
|
"ipv4-addr--593e8318-6d78-4350-9c33-49a2950d210f",
|
||
|
"indicator--593e8319-3078-4fa4-8ae2-44d4950d210f",
|
||
|
"indicator--593e8319-06e0-492e-9c42-4945950d210f",
|
||
|
"observed-data--593e831a-8dfc-4c3e-8778-4034950d210f",
|
||
|
"network-traffic--593e831a-8dfc-4c3e-8778-4034950d210f",
|
||
|
"ipv4-addr--593e831a-8dfc-4c3e-8778-4034950d210f",
|
||
|
"indicator--593e831a-b944-47f8-aa94-496e950d210f",
|
||
|
"indicator--593e831b-ecd4-4b92-8fcc-4b50950d210f",
|
||
|
"indicator--593e831c-9514-496b-ae82-4b57950d210f",
|
||
|
"indicator--593e831d-b838-487b-8106-462a950d210f",
|
||
|
"observed-data--593e831d-e078-43a7-a93c-498b950d210f",
|
||
|
"network-traffic--593e831d-e078-43a7-a93c-498b950d210f",
|
||
|
"ipv4-addr--593e831d-e078-43a7-a93c-498b950d210f",
|
||
|
"indicator--593e831e-a8d0-4237-a9ec-448f950d210f",
|
||
|
"indicator--593e831e-19f4-4ea1-a51c-45bc950d210f",
|
||
|
"observed-data--593e831f-52cc-474c-8f01-45b8950d210f",
|
||
|
"network-traffic--593e831f-52cc-474c-8f01-45b8950d210f",
|
||
|
"ipv4-addr--593e831f-52cc-474c-8f01-45b8950d210f",
|
||
|
"indicator--593e831f-215c-42b2-89c5-4acf950d210f",
|
||
|
"indicator--593e8320-f290-4230-8df9-41a6950d210f",
|
||
|
"observed-data--593e8320-cbe8-4902-b02f-4eb6950d210f",
|
||
|
"network-traffic--593e8320-cbe8-4902-b02f-4eb6950d210f",
|
||
|
"ipv4-addr--593e8320-cbe8-4902-b02f-4eb6950d210f",
|
||
|
"indicator--593e8321-fcc8-4427-9ccc-4765950d210f",
|
||
|
"indicator--593e8321-be7c-4926-9a47-4c63950d210f",
|
||
|
"observed-data--593e8322-24e8-49d1-bc57-439a950d210f",
|
||
|
"network-traffic--593e8322-24e8-49d1-bc57-439a950d210f",
|
||
|
"ipv4-addr--593e8322-24e8-49d1-bc57-439a950d210f",
|
||
|
"indicator--593e8322-daf4-4175-97bf-49e4950d210f",
|
||
|
"indicator--593e8323-c26c-4b9d-a0eb-45f1950d210f",
|
||
|
"observed-data--593e8323-4350-49eb-b71f-4416950d210f",
|
||
|
"network-traffic--593e8323-4350-49eb-b71f-4416950d210f",
|
||
|
"ipv4-addr--593e8323-4350-49eb-b71f-4416950d210f",
|
||
|
"indicator--593e8324-5d48-4309-acb8-4634950d210f",
|
||
|
"indicator--593e8324-1bc0-4a6d-abd5-4970950d210f",
|
||
|
"observed-data--593e8325-b838-4c2a-99f5-42d2950d210f",
|
||
|
"network-traffic--593e8325-b838-4c2a-99f5-42d2950d210f",
|
||
|
"ipv4-addr--593e8325-b838-4c2a-99f5-42d2950d210f",
|
||
|
"indicator--593e8325-c4ac-4a5c-bc71-4ac5950d210f",
|
||
|
"indicator--593e8326-2bdc-4409-bf04-477f950d210f",
|
||
|
"observed-data--593e8326-ecc4-4527-93ec-4557950d210f",
|
||
|
"network-traffic--593e8326-ecc4-4527-93ec-4557950d210f",
|
||
|
"ipv4-addr--593e8326-ecc4-4527-93ec-4557950d210f",
|
||
|
"indicator--593e8327-7840-4ae2-83f5-4ccd950d210f",
|
||
|
"indicator--593e8327-1260-404f-a874-4f5d950d210f",
|
||
|
"observed-data--593e8328-faf4-410c-9a48-4916950d210f",
|
||
|
"network-traffic--593e8328-faf4-410c-9a48-4916950d210f",
|
||
|
"ipv4-addr--593e8328-faf4-410c-9a48-4916950d210f",
|
||
|
"indicator--593e8328-4648-4dde-8bc0-4b0e950d210f",
|
||
|
"indicator--593e8329-287c-44e1-95ce-4d03950d210f",
|
||
|
"observed-data--593e8329-b9b8-4c0a-8d9f-4f12950d210f",
|
||
|
"network-traffic--593e8329-b9b8-4c0a-8d9f-4f12950d210f",
|
||
|
"ipv4-addr--593e8329-b9b8-4c0a-8d9f-4f12950d210f",
|
||
|
"indicator--593e832a-a528-4813-8d48-4783950d210f",
|
||
|
"indicator--593e832a-7dd0-4fa0-94da-4478950d210f",
|
||
|
"observed-data--593e832b-5028-4db3-9962-41da950d210f",
|
||
|
"network-traffic--593e832b-5028-4db3-9962-41da950d210f",
|
||
|
"ipv4-addr--593e832b-5028-4db3-9962-41da950d210f",
|
||
|
"indicator--593e832b-8c6c-4f09-8dea-464f950d210f",
|
||
|
"indicator--593e832c-662c-4bb0-a62d-4738950d210f",
|
||
|
"observed-data--593e832c-dd90-4efd-bb37-42f4950d210f",
|
||
|
"network-traffic--593e832c-dd90-4efd-bb37-42f4950d210f",
|
||
|
"ipv4-addr--593e832c-dd90-4efd-bb37-42f4950d210f",
|
||
|
"indicator--593e832d-8444-41dc-b8cb-44c2950d210f",
|
||
|
"indicator--593e832d-43cc-4445-a5b7-47c6950d210f",
|
||
|
"observed-data--593e832e-e768-42f1-b16b-43da950d210f",
|
||
|
"network-traffic--593e832e-e768-42f1-b16b-43da950d210f",
|
||
|
"ipv4-addr--593e832e-e768-42f1-b16b-43da950d210f",
|
||
|
"indicator--593e832e-2fdc-4a26-9eb8-4d20950d210f",
|
||
|
"indicator--593e832f-db48-47b7-9975-4c8e950d210f",
|
||
|
"observed-data--593e832f-2594-4f93-9a9d-4d88950d210f",
|
||
|
"network-traffic--593e832f-2594-4f93-9a9d-4d88950d210f",
|
||
|
"ipv4-addr--593e832f-2594-4f93-9a9d-4d88950d210f",
|
||
|
"indicator--593e8330-2a64-4c8d-96bf-4456950d210f",
|
||
|
"indicator--593e8330-712c-4e4e-a21a-44bb950d210f",
|
||
|
"observed-data--593e8331-034c-4ebe-93be-4db3950d210f",
|
||
|
"network-traffic--593e8331-034c-4ebe-93be-4db3950d210f",
|
||
|
"ipv4-addr--593e8331-034c-4ebe-93be-4db3950d210f",
|
||
|
"indicator--593e8331-d728-41b4-b921-4984950d210f",
|
||
|
"indicator--593e8332-6fd8-4e89-975b-4c90950d210f",
|
||
|
"observed-data--593e8332-f930-4469-816b-44b9950d210f",
|
||
|
"network-traffic--593e8332-f930-4469-816b-44b9950d210f",
|
||
|
"ipv4-addr--593e8332-f930-4469-816b-44b9950d210f",
|
||
|
"indicator--593e8333-1280-44e3-a809-4703950d210f",
|
||
|
"indicator--593e8333-7350-49ab-b1c9-4f22950d210f",
|
||
|
"observed-data--593e8334-f6f4-487e-b271-4d45950d210f",
|
||
|
"network-traffic--593e8334-f6f4-487e-b271-4d45950d210f",
|
||
|
"ipv4-addr--593e8334-f6f4-487e-b271-4d45950d210f",
|
||
|
"indicator--593e8334-40b4-45d2-a173-4bff950d210f",
|
||
|
"indicator--593e8335-9bd4-4ad4-9c7d-4153950d210f",
|
||
|
"observed-data--593e833a-def8-4469-9df3-4d84950d210f",
|
||
|
"network-traffic--593e833a-def8-4469-9df3-4d84950d210f",
|
||
|
"ipv4-addr--593e833a-def8-4469-9df3-4d84950d210f",
|
||
|
"indicator--593e833b-9040-42c7-89aa-4ac6950d210f",
|
||
|
"indicator--593e833b-5b90-4c0e-b8f9-caa4950d210f",
|
||
|
"observed-data--593e833f-66a8-4342-a4b5-4d6c950d210f",
|
||
|
"network-traffic--593e833f-66a8-4342-a4b5-4d6c950d210f",
|
||
|
"ipv4-addr--593e833f-66a8-4342-a4b5-4d6c950d210f",
|
||
|
"observed-data--593e8346-e050-4ef0-89bb-caa4950d210f",
|
||
|
"url--593e8346-e050-4ef0-89bb-caa4950d210f",
|
||
|
"observed-data--593e8347-dfb4-4122-8804-4b4e950d210f",
|
||
|
"network-traffic--593e8347-dfb4-4122-8804-4b4e950d210f",
|
||
|
"ipv4-addr--593e8347-dfb4-4122-8804-4b4e950d210f",
|
||
|
"observed-data--593e8347-7054-41bf-bbbe-418e950d210f",
|
||
|
"url--593e8347-7054-41bf-bbbe-418e950d210f",
|
||
|
"observed-data--593e8348-fca0-463a-be40-4e19950d210f",
|
||
|
"network-traffic--593e8348-fca0-463a-be40-4e19950d210f",
|
||
|
"ipv4-addr--593e8348-fca0-463a-be40-4e19950d210f",
|
||
|
"observed-data--593e8348-ce30-4784-8b21-44da950d210f",
|
||
|
"url--593e8348-ce30-4784-8b21-44da950d210f",
|
||
|
"observed-data--593e8349-c5f8-4cf7-97f5-4e20950d210f",
|
||
|
"network-traffic--593e8349-c5f8-4cf7-97f5-4e20950d210f",
|
||
|
"ipv4-addr--593e8349-c5f8-4cf7-97f5-4e20950d210f",
|
||
|
"observed-data--593e8349-4034-41b5-8403-4afe950d210f",
|
||
|
"url--593e8349-4034-41b5-8403-4afe950d210f",
|
||
|
"observed-data--593e8349-457c-4c27-9868-485c950d210f",
|
||
|
"network-traffic--593e8349-457c-4c27-9868-485c950d210f",
|
||
|
"ipv4-addr--593e8349-457c-4c27-9868-485c950d210f",
|
||
|
"observed-data--593e834a-fc4c-4e93-a04a-4e1d950d210f",
|
||
|
"url--593e834a-fc4c-4e93-a04a-4e1d950d210f",
|
||
|
"observed-data--593e834a-2c78-4c28-a47c-48a2950d210f",
|
||
|
"network-traffic--593e834a-2c78-4c28-a47c-48a2950d210f",
|
||
|
"ipv4-addr--593e834a-2c78-4c28-a47c-48a2950d210f",
|
||
|
"observed-data--593e834b-2278-4999-9719-43e5950d210f",
|
||
|
"url--593e834b-2278-4999-9719-43e5950d210f",
|
||
|
"observed-data--593e834b-2e6c-4ceb-80dc-4c82950d210f",
|
||
|
"network-traffic--593e834b-2e6c-4ceb-80dc-4c82950d210f",
|
||
|
"ipv4-addr--593e834b-2e6c-4ceb-80dc-4c82950d210f",
|
||
|
"observed-data--593e834c-7158-4e60-9731-4ddd950d210f",
|
||
|
"url--593e834c-7158-4e60-9731-4ddd950d210f",
|
||
|
"observed-data--593e834c-d150-48e9-8a4f-4e91950d210f",
|
||
|
"network-traffic--593e834c-d150-48e9-8a4f-4e91950d210f",
|
||
|
"ipv4-addr--593e834c-d150-48e9-8a4f-4e91950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\""
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e830c-0140-4e3b-94b4-49a4950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:24.000Z",
|
||
|
"modified": "2017-06-12T12:03:24.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'b1826d53ae551f2969a347dd1804c76d']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:03:24Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e830c-f05c-4cf3-83b7-441b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:24.000Z",
|
||
|
"modified": "2017-06-12T12:03:24.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '20f52f4da77210883918021880d5068c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:03:24Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e830d-f804-4c3f-9d24-4fdf950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:25.000Z",
|
||
|
"modified": "2017-06-12T12:03:25.000Z",
|
||
|
"pattern": "[url:value = 'http://1000i.co/8yhf2ui']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:03:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e830d-9734-49e5-a767-48e1950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:25.000Z",
|
||
|
"modified": "2017-06-12T12:03:25.000Z",
|
||
|
"pattern": "[domain-name:value = '1000i.co']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:03:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--593e830e-f474-48b6-8db4-4069950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:26.000Z",
|
||
|
"modified": "2017-06-12T12:03:26.000Z",
|
||
|
"first_observed": "2017-06-12T12:03:26Z",
|
||
|
"last_observed": "2017-06-12T12:03:26Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--593e830e-f474-48b6-8db4-4069950d210f",
|
||
|
"ipv4-addr--593e830e-f474-48b6-8db4-4069950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--593e830e-f474-48b6-8db4-4069950d210f",
|
||
|
"dst_ref": "ipv4-addr--593e830e-f474-48b6-8db4-4069950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--593e830e-f474-48b6-8db4-4069950d210f",
|
||
|
"value": "144.76.27.232"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e830e-f1bc-4b39-a3d1-411d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:26.000Z",
|
||
|
"modified": "2017-06-12T12:03:26.000Z",
|
||
|
"pattern": "[url:value = 'http://78tguyc876wwirglmltm.net/af/8yhf2ui']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:03:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e830f-9ad8-44dc-93a5-459f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:27.000Z",
|
||
|
"modified": "2017-06-12T12:03:27.000Z",
|
||
|
"pattern": "[domain-name:value = '78tguyc876wwirglmltm.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:03:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--593e8314-a65c-4ac9-a9e4-426b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:32.000Z",
|
||
|
"modified": "2017-06-12T12:03:32.000Z",
|
||
|
"first_observed": "2017-06-12T12:03:32Z",
|
||
|
"last_observed": "2017-06-12T12:03:32Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--593e8314-a65c-4ac9-a9e4-426b950d210f",
|
||
|
"ipv4-addr--593e8314-a65c-4ac9-a9e4-426b950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--593e8314-a65c-4ac9-a9e4-426b950d210f",
|
||
|
"dst_ref": "ipv4-addr--593e8314-a65c-4ac9-a9e4-426b950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--593e8314-a65c-4ac9-a9e4-426b950d210f",
|
||
|
"value": "119.28.85.128"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e8314-095c-4451-bb76-47ae950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:32.000Z",
|
||
|
"modified": "2017-06-12T12:03:32.000Z",
|
||
|
"pattern": "[url:value = 'http://aacom.pl/8yhf2ui']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:03:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e8315-aac0-4fa2-9321-4f0b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:33.000Z",
|
||
|
"modified": "2017-06-12T12:03:33.000Z",
|
||
|
"pattern": "[domain-name:value = 'aacom.pl']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:03:33Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--593e8315-4c74-4b39-b32b-4e17950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:33.000Z",
|
||
|
"modified": "2017-06-12T12:03:33.000Z",
|
||
|
"first_observed": "2017-06-12T12:03:33Z",
|
||
|
"last_observed": "2017-06-12T12:03:33Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--593e8315-4c74-4b39-b32b-4e17950d210f",
|
||
|
"ipv4-addr--593e8315-4c74-4b39-b32b-4e17950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--593e8315-4c74-4b39-b32b-4e17950d210f",
|
||
|
"dst_ref": "ipv4-addr--593e8315-4c74-4b39-b32b-4e17950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--593e8315-4c74-4b39-b32b-4e17950d210f",
|
||
|
"value": "193.239.206.248"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e8316-7b40-4e13-ab97-4103950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:34.000Z",
|
||
|
"modified": "2017-06-12T12:03:34.000Z",
|
||
|
"pattern": "[url:value = 'http://ceil.hk/8yhf2ui']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:03:34Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e8316-826c-42f7-abaa-4902950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:34.000Z",
|
||
|
"modified": "2017-06-12T12:03:34.000Z",
|
||
|
"pattern": "[domain-name:value = 'ceil.hk']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:03:34Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--593e8317-dcf4-4dc3-b749-416d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:35.000Z",
|
||
|
"modified": "2017-06-12T12:03:35.000Z",
|
||
|
"first_observed": "2017-06-12T12:03:35Z",
|
||
|
"last_observed": "2017-06-12T12:03:35Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--593e8317-dcf4-4dc3-b749-416d950d210f",
|
||
|
"ipv4-addr--593e8317-dcf4-4dc3-b749-416d950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--593e8317-dcf4-4dc3-b749-416d950d210f",
|
||
|
"dst_ref": "ipv4-addr--593e8317-dcf4-4dc3-b749-416d950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--593e8317-dcf4-4dc3-b749-416d950d210f",
|
||
|
"value": "202.181.246.240"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e8317-9470-468e-93a9-450e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:35.000Z",
|
||
|
"modified": "2017-06-12T12:03:35.000Z",
|
||
|
"pattern": "[url:value = 'http://cnbofa.com/8yhf2ui']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:03:35Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e8318-5c2c-4445-af0d-435e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:36.000Z",
|
||
|
"modified": "2017-06-12T12:03:36.000Z",
|
||
|
"pattern": "[domain-name:value = 'cnbofa.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:03:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--593e8318-6d78-4350-9c33-49a2950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:36.000Z",
|
||
|
"modified": "2017-06-12T12:03:36.000Z",
|
||
|
"first_observed": "2017-06-12T12:03:36Z",
|
||
|
"last_observed": "2017-06-12T12:03:36Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--593e8318-6d78-4350-9c33-49a2950d210f",
|
||
|
"ipv4-addr--593e8318-6d78-4350-9c33-49a2950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--593e8318-6d78-4350-9c33-49a2950d210f",
|
||
|
"dst_ref": "ipv4-addr--593e8318-6d78-4350-9c33-49a2950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--593e8318-6d78-4350-9c33-49a2950d210f",
|
||
|
"value": "162.215.255.3"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e8319-3078-4fa4-8ae2-44d4950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:37.000Z",
|
||
|
"modified": "2017-06-12T12:03:37.000Z",
|
||
|
"pattern": "[url:value = 'http://crowdvn.com/8yhf2ui']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:03:37Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e8319-06e0-492e-9c42-4945950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:37.000Z",
|
||
|
"modified": "2017-06-12T12:03:37.000Z",
|
||
|
"pattern": "[domain-name:value = 'crowdvn.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:03:37Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--593e831a-8dfc-4c3e-8778-4034950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:38.000Z",
|
||
|
"modified": "2017-06-12T12:03:38.000Z",
|
||
|
"first_observed": "2017-06-12T12:03:38Z",
|
||
|
"last_observed": "2017-06-12T12:03:38Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--593e831a-8dfc-4c3e-8778-4034950d210f",
|
||
|
"ipv4-addr--593e831a-8dfc-4c3e-8778-4034950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--593e831a-8dfc-4c3e-8778-4034950d210f",
|
||
|
"dst_ref": "ipv4-addr--593e831a-8dfc-4c3e-8778-4034950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--593e831a-8dfc-4c3e-8778-4034950d210f",
|
||
|
"value": "133.242.52.84"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e831a-b944-47f8-aa94-496e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:38.000Z",
|
||
|
"modified": "2017-06-12T12:03:38.000Z",
|
||
|
"pattern": "[url:value = 'http://e67tfgc4uybfbnfmd.org/af/8yhf2ui']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:03:38Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e831b-ecd4-4b92-8fcc-4b50950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:39.000Z",
|
||
|
"modified": "2017-06-12T12:03:39.000Z",
|
||
|
"pattern": "[domain-name:value = 'e67tfgc4uybfbnfmd.org']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:03:39Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e831c-9514-496b-ae82-4b57950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:40.000Z",
|
||
|
"modified": "2017-06-12T12:03:40.000Z",
|
||
|
"pattern": "[url:value = 'http://lamartechnical.com/8yhf2ui']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:03:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e831d-b838-487b-8106-462a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:41.000Z",
|
||
|
"modified": "2017-06-12T12:03:41.000Z",
|
||
|
"pattern": "[domain-name:value = 'lamartechnical.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:03:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--593e831d-e078-43a7-a93c-498b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:41.000Z",
|
||
|
"modified": "2017-06-12T12:03:41.000Z",
|
||
|
"first_observed": "2017-06-12T12:03:41Z",
|
||
|
"last_observed": "2017-06-12T12:03:41Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--593e831d-e078-43a7-a93c-498b950d210f",
|
||
|
"ipv4-addr--593e831d-e078-43a7-a93c-498b950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--593e831d-e078-43a7-a93c-498b950d210f",
|
||
|
"dst_ref": "ipv4-addr--593e831d-e078-43a7-a93c-498b950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--593e831d-e078-43a7-a93c-498b950d210f",
|
||
|
"value": "216.97.233.44"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e831e-a8d0-4237-a9ec-448f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:42.000Z",
|
||
|
"modified": "2017-06-12T12:03:42.000Z",
|
||
|
"pattern": "[url:value = 'http://lockehouse.com/8yhf2ui']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:03:42Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e831e-19f4-4ea1-a51c-45bc950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:42.000Z",
|
||
|
"modified": "2017-06-12T12:03:42.000Z",
|
||
|
"pattern": "[domain-name:value = 'lockehouse.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:03:42Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--593e831f-52cc-474c-8f01-45b8950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:43.000Z",
|
||
|
"modified": "2017-06-12T12:03:43.000Z",
|
||
|
"first_observed": "2017-06-12T12:03:43Z",
|
||
|
"last_observed": "2017-06-12T12:03:43Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--593e831f-52cc-474c-8f01-45b8950d210f",
|
||
|
"ipv4-addr--593e831f-52cc-474c-8f01-45b8950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--593e831f-52cc-474c-8f01-45b8950d210f",
|
||
|
"dst_ref": "ipv4-addr--593e831f-52cc-474c-8f01-45b8950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--593e831f-52cc-474c-8f01-45b8950d210f",
|
||
|
"value": "107.180.48.91"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e831f-215c-42b2-89c5-4acf950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:43.000Z",
|
||
|
"modified": "2017-06-12T12:03:43.000Z",
|
||
|
"pattern": "[url:value = 'http://mangetsudo.net/8yhf2ui']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:03:43Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e8320-f290-4230-8df9-41a6950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:44.000Z",
|
||
|
"modified": "2017-06-12T12:03:44.000Z",
|
||
|
"pattern": "[domain-name:value = 'mangetsudo.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:03:44Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--593e8320-cbe8-4902-b02f-4eb6950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:44.000Z",
|
||
|
"modified": "2017-06-12T12:03:44.000Z",
|
||
|
"first_observed": "2017-06-12T12:03:44Z",
|
||
|
"last_observed": "2017-06-12T12:03:44Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--593e8320-cbe8-4902-b02f-4eb6950d210f",
|
||
|
"ipv4-addr--593e8320-cbe8-4902-b02f-4eb6950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--593e8320-cbe8-4902-b02f-4eb6950d210f",
|
||
|
"dst_ref": "ipv4-addr--593e8320-cbe8-4902-b02f-4eb6950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--593e8320-cbe8-4902-b02f-4eb6950d210f",
|
||
|
"value": "219.118.71.133"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e8321-fcc8-4427-9ccc-4765950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:45.000Z",
|
||
|
"modified": "2017-06-12T12:03:45.000Z",
|
||
|
"pattern": "[url:value = 'http://martinsturm.de/8yhf2ui']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:03:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e8321-be7c-4926-9a47-4c63950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:45.000Z",
|
||
|
"modified": "2017-06-12T12:03:45.000Z",
|
||
|
"pattern": "[domain-name:value = 'martinsturm.de']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:03:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--593e8322-24e8-49d1-bc57-439a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:46.000Z",
|
||
|
"modified": "2017-06-12T12:03:46.000Z",
|
||
|
"first_observed": "2017-06-12T12:03:46Z",
|
||
|
"last_observed": "2017-06-12T12:03:46Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--593e8322-24e8-49d1-bc57-439a950d210f",
|
||
|
"ipv4-addr--593e8322-24e8-49d1-bc57-439a950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--593e8322-24e8-49d1-bc57-439a950d210f",
|
||
|
"dst_ref": "ipv4-addr--593e8322-24e8-49d1-bc57-439a950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--593e8322-24e8-49d1-bc57-439a950d210f",
|
||
|
"value": "81.169.145.68"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e8322-daf4-4175-97bf-49e4950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:46.000Z",
|
||
|
"modified": "2017-06-12T12:03:46.000Z",
|
||
|
"pattern": "[url:value = 'http://marylanddevelopers.in/8yhf2ui']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:03:46Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e8323-c26c-4b9d-a0eb-45f1950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:47.000Z",
|
||
|
"modified": "2017-06-12T12:03:47.000Z",
|
||
|
"pattern": "[domain-name:value = 'marylanddevelopers.in']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:03:47Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--593e8323-4350-49eb-b71f-4416950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:47.000Z",
|
||
|
"modified": "2017-06-12T12:03:47.000Z",
|
||
|
"first_observed": "2017-06-12T12:03:47Z",
|
||
|
"last_observed": "2017-06-12T12:03:47Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--593e8323-4350-49eb-b71f-4416950d210f",
|
||
|
"ipv4-addr--593e8323-4350-49eb-b71f-4416950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--593e8323-4350-49eb-b71f-4416950d210f",
|
||
|
"dst_ref": "ipv4-addr--593e8323-4350-49eb-b71f-4416950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--593e8323-4350-49eb-b71f-4416950d210f",
|
||
|
"value": "103.50.160.62"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e8324-5d48-4309-acb8-4634950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:48.000Z",
|
||
|
"modified": "2017-06-12T12:03:48.000Z",
|
||
|
"pattern": "[url:value = 'http://quente.nl/8yhf2ui']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:03:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e8324-1bc0-4a6d-abd5-4970950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:48.000Z",
|
||
|
"modified": "2017-06-12T12:03:48.000Z",
|
||
|
"pattern": "[domain-name:value = 'quente.nl']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:03:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--593e8325-b838-4c2a-99f5-42d2950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:49.000Z",
|
||
|
"modified": "2017-06-12T12:03:49.000Z",
|
||
|
"first_observed": "2017-06-12T12:03:49Z",
|
||
|
"last_observed": "2017-06-12T12:03:49Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--593e8325-b838-4c2a-99f5-42d2950d210f",
|
||
|
"ipv4-addr--593e8325-b838-4c2a-99f5-42d2950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--593e8325-b838-4c2a-99f5-42d2950d210f",
|
||
|
"dst_ref": "ipv4-addr--593e8325-b838-4c2a-99f5-42d2950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--593e8325-b838-4c2a-99f5-42d2950d210f",
|
||
|
"value": "81.169.145.166"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e8325-c4ac-4a5c-bc71-4ac5950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:49.000Z",
|
||
|
"modified": "2017-06-12T12:03:49.000Z",
|
||
|
"pattern": "[url:value = 'http://sacrecoeur.bravepages.com/8yhf2ui']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:03:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e8326-2bdc-4409-bf04-477f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:50.000Z",
|
||
|
"modified": "2017-06-12T12:03:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'sacrecoeur.bravepages.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:03:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--593e8326-ecc4-4527-93ec-4557950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:50.000Z",
|
||
|
"modified": "2017-06-12T12:03:50.000Z",
|
||
|
"first_observed": "2017-06-12T12:03:50Z",
|
||
|
"last_observed": "2017-06-12T12:03:50Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--593e8326-ecc4-4527-93ec-4557950d210f",
|
||
|
"ipv4-addr--593e8326-ecc4-4527-93ec-4557950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--593e8326-ecc4-4527-93ec-4557950d210f",
|
||
|
"dst_ref": "ipv4-addr--593e8326-ecc4-4527-93ec-4557950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--593e8326-ecc4-4527-93ec-4557950d210f",
|
||
|
"value": "66.219.202.10"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e8327-7840-4ae2-83f5-4ccd950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:51.000Z",
|
||
|
"modified": "2017-06-12T12:03:51.000Z",
|
||
|
"pattern": "[url:value = 'http://sheekchilly.com/8yhf2ui']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:03:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e8327-1260-404f-a874-4f5d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:51.000Z",
|
||
|
"modified": "2017-06-12T12:03:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'sheekchilly.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:03:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--593e8328-faf4-410c-9a48-4916950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:52.000Z",
|
||
|
"modified": "2017-06-12T12:03:52.000Z",
|
||
|
"first_observed": "2017-06-12T12:03:52Z",
|
||
|
"last_observed": "2017-06-12T12:03:52Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--593e8328-faf4-410c-9a48-4916950d210f",
|
||
|
"ipv4-addr--593e8328-faf4-410c-9a48-4916950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--593e8328-faf4-410c-9a48-4916950d210f",
|
||
|
"dst_ref": "ipv4-addr--593e8328-faf4-410c-9a48-4916950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--593e8328-faf4-410c-9a48-4916950d210f",
|
||
|
"value": "103.21.59.174"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e8328-4648-4dde-8bc0-4b0e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:52.000Z",
|
||
|
"modified": "2017-06-12T12:03:52.000Z",
|
||
|
"pattern": "[url:value = 'http://smartzaa.com/8yhf2ui']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:03:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e8329-287c-44e1-95ce-4d03950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:53.000Z",
|
||
|
"modified": "2017-06-12T12:03:53.000Z",
|
||
|
"pattern": "[domain-name:value = 'smartzaa.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:03:53Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--593e8329-b9b8-4c0a-8d9f-4f12950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:53.000Z",
|
||
|
"modified": "2017-06-12T12:03:53.000Z",
|
||
|
"first_observed": "2017-06-12T12:03:53Z",
|
||
|
"last_observed": "2017-06-12T12:03:53Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--593e8329-b9b8-4c0a-8d9f-4f12950d210f",
|
||
|
"ipv4-addr--593e8329-b9b8-4c0a-8d9f-4f12950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--593e8329-b9b8-4c0a-8d9f-4f12950d210f",
|
||
|
"dst_ref": "ipv4-addr--593e8329-b9b8-4c0a-8d9f-4f12950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--593e8329-b9b8-4c0a-8d9f-4f12950d210f",
|
||
|
"value": "103.21.58.252"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e832a-a528-4813-8d48-4783950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:54.000Z",
|
||
|
"modified": "2017-06-12T12:03:54.000Z",
|
||
|
"pattern": "[url:value = 'http://sportsfoliorewards.com/8yhf2ui']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:03:54Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e832a-7dd0-4fa0-94da-4478950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:54.000Z",
|
||
|
"modified": "2017-06-12T12:03:54.000Z",
|
||
|
"pattern": "[domain-name:value = 'sportsfoliorewards.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:03:54Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--593e832b-5028-4db3-9962-41da950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:55.000Z",
|
||
|
"modified": "2017-06-12T12:03:55.000Z",
|
||
|
"first_observed": "2017-06-12T12:03:55Z",
|
||
|
"last_observed": "2017-06-12T12:03:55Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--593e832b-5028-4db3-9962-41da950d210f",
|
||
|
"ipv4-addr--593e832b-5028-4db3-9962-41da950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--593e832b-5028-4db3-9962-41da950d210f",
|
||
|
"dst_ref": "ipv4-addr--593e832b-5028-4db3-9962-41da950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--593e832b-5028-4db3-9962-41da950d210f",
|
||
|
"value": "160.153.53.103"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e832b-8c6c-4f09-8dea-464f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:55.000Z",
|
||
|
"modified": "2017-06-12T12:03:55.000Z",
|
||
|
"pattern": "[url:value = 'http://susewind.ch/8yhf2ui']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:03:55Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e832c-662c-4bb0-a62d-4738950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:56.000Z",
|
||
|
"modified": "2017-06-12T12:03:56.000Z",
|
||
|
"pattern": "[domain-name:value = 'susewind.ch']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:03:56Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--593e832c-dd90-4efd-bb37-42f4950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:56.000Z",
|
||
|
"modified": "2017-06-12T12:03:56.000Z",
|
||
|
"first_observed": "2017-06-12T12:03:56Z",
|
||
|
"last_observed": "2017-06-12T12:03:56Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--593e832c-dd90-4efd-bb37-42f4950d210f",
|
||
|
"ipv4-addr--593e832c-dd90-4efd-bb37-42f4950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--593e832c-dd90-4efd-bb37-42f4950d210f",
|
||
|
"dst_ref": "ipv4-addr--593e832c-dd90-4efd-bb37-42f4950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--593e832c-dd90-4efd-bb37-42f4950d210f",
|
||
|
"value": "212.40.5.43"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e832d-8444-41dc-b8cb-44c2950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:57.000Z",
|
||
|
"modified": "2017-06-12T12:03:57.000Z",
|
||
|
"pattern": "[url:value = 'http://svadba-tamada.de/8yhf2ui']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:03:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e832d-43cc-4445-a5b7-47c6950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:57.000Z",
|
||
|
"modified": "2017-06-12T12:03:57.000Z",
|
||
|
"pattern": "[domain-name:value = 'svadba-tamada.de']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:03:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--593e832e-e768-42f1-b16b-43da950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:58.000Z",
|
||
|
"modified": "2017-06-12T12:03:58.000Z",
|
||
|
"first_observed": "2017-06-12T12:03:58Z",
|
||
|
"last_observed": "2017-06-12T12:03:58Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--593e832e-e768-42f1-b16b-43da950d210f",
|
||
|
"ipv4-addr--593e832e-e768-42f1-b16b-43da950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--593e832e-e768-42f1-b16b-43da950d210f",
|
||
|
"dst_ref": "ipv4-addr--593e832e-e768-42f1-b16b-43da950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--593e832e-e768-42f1-b16b-43da950d210f",
|
||
|
"value": "81.169.145.148"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e832e-2fdc-4a26-9eb8-4d20950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:58.000Z",
|
||
|
"modified": "2017-06-12T12:03:58.000Z",
|
||
|
"pattern": "[url:value = 'http://svi1869.de/8yhf2ui']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:03:58Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e832f-db48-47b7-9975-4c8e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:59.000Z",
|
||
|
"modified": "2017-06-12T12:03:59.000Z",
|
||
|
"pattern": "[domain-name:value = 'svi1869.de']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:03:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--593e832f-2594-4f93-9a9d-4d88950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:03:59.000Z",
|
||
|
"modified": "2017-06-12T12:03:59.000Z",
|
||
|
"first_observed": "2017-06-12T12:03:59Z",
|
||
|
"last_observed": "2017-06-12T12:03:59Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--593e832f-2594-4f93-9a9d-4d88950d210f",
|
||
|
"ipv4-addr--593e832f-2594-4f93-9a9d-4d88950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--593e832f-2594-4f93-9a9d-4d88950d210f",
|
||
|
"dst_ref": "ipv4-addr--593e832f-2594-4f93-9a9d-4d88950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--593e832f-2594-4f93-9a9d-4d88950d210f",
|
||
|
"value": "81.169.145.93"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e8330-2a64-4c8d-96bf-4456950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:04:00.000Z",
|
||
|
"modified": "2017-06-12T12:04:00.000Z",
|
||
|
"pattern": "[url:value = 'http://syrianchristiancentre.org/8yhf2ui']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:04:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e8330-712c-4e4e-a21a-44bb950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:04:00.000Z",
|
||
|
"modified": "2017-06-12T12:04:00.000Z",
|
||
|
"pattern": "[domain-name:value = 'syrianchristiancentre.org']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:04:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--593e8331-034c-4ebe-93be-4db3950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:04:01.000Z",
|
||
|
"modified": "2017-06-12T12:04:01.000Z",
|
||
|
"first_observed": "2017-06-12T12:04:01Z",
|
||
|
"last_observed": "2017-06-12T12:04:01Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--593e8331-034c-4ebe-93be-4db3950d210f",
|
||
|
"ipv4-addr--593e8331-034c-4ebe-93be-4db3950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--593e8331-034c-4ebe-93be-4db3950d210f",
|
||
|
"dst_ref": "ipv4-addr--593e8331-034c-4ebe-93be-4db3950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--593e8331-034c-4ebe-93be-4db3950d210f",
|
||
|
"value": "103.21.58.130"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e8331-d728-41b4-b921-4984950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:04:01.000Z",
|
||
|
"modified": "2017-06-12T12:04:01.000Z",
|
||
|
"pattern": "[url:value = 'http://ulyanky.ru/8yhf2ui']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:04:01Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e8332-6fd8-4e89-975b-4c90950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:04:02.000Z",
|
||
|
"modified": "2017-06-12T12:04:02.000Z",
|
||
|
"pattern": "[domain-name:value = 'ulyanky.ru']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:04:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--593e8332-f930-4469-816b-44b9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:04:02.000Z",
|
||
|
"modified": "2017-06-12T12:04:02.000Z",
|
||
|
"first_observed": "2017-06-12T12:04:02Z",
|
||
|
"last_observed": "2017-06-12T12:04:02Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--593e8332-f930-4469-816b-44b9950d210f",
|
||
|
"ipv4-addr--593e8332-f930-4469-816b-44b9950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--593e8332-f930-4469-816b-44b9950d210f",
|
||
|
"dst_ref": "ipv4-addr--593e8332-f930-4469-816b-44b9950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--593e8332-f930-4469-816b-44b9950d210f",
|
||
|
"value": "91.201.42.45"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e8333-1280-44e3-a809-4703950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:04:03.000Z",
|
||
|
"modified": "2017-06-12T12:04:03.000Z",
|
||
|
"pattern": "[url:value = 'http://xinjingji.net/8yhf2ui']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:04:03Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e8333-7350-49ab-b1c9-4f22950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:04:03.000Z",
|
||
|
"modified": "2017-06-12T12:04:03.000Z",
|
||
|
"pattern": "[domain-name:value = 'xinjingji.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:04:03Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--593e8334-f6f4-487e-b271-4d45950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:04:04.000Z",
|
||
|
"modified": "2017-06-12T12:04:04.000Z",
|
||
|
"first_observed": "2017-06-12T12:04:04Z",
|
||
|
"last_observed": "2017-06-12T12:04:04Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--593e8334-f6f4-487e-b271-4d45950d210f",
|
||
|
"ipv4-addr--593e8334-f6f4-487e-b271-4d45950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--593e8334-f6f4-487e-b271-4d45950d210f",
|
||
|
"dst_ref": "ipv4-addr--593e8334-f6f4-487e-b271-4d45950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--593e8334-f6f4-487e-b271-4d45950d210f",
|
||
|
"value": "120.25.70.148"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e8334-40b4-45d2-a173-4bff950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:04:04.000Z",
|
||
|
"modified": "2017-06-12T12:04:04.000Z",
|
||
|
"pattern": "[url:value = 'http://yensaophuongdong.com/8yhf2ui']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:04:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e8335-9bd4-4ad4-9c7d-4153950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:04:05.000Z",
|
||
|
"modified": "2017-06-12T12:04:05.000Z",
|
||
|
"pattern": "[domain-name:value = 'yensaophuongdong.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:04:05Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--593e833a-def8-4469-9df3-4d84950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:04:10.000Z",
|
||
|
"modified": "2017-06-12T12:04:10.000Z",
|
||
|
"first_observed": "2017-06-12T12:04:10Z",
|
||
|
"last_observed": "2017-06-12T12:04:10Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--593e833a-def8-4469-9df3-4d84950d210f",
|
||
|
"ipv4-addr--593e833a-def8-4469-9df3-4d84950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--593e833a-def8-4469-9df3-4d84950d210f",
|
||
|
"dst_ref": "ipv4-addr--593e833a-def8-4469-9df3-4d84950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--593e833a-def8-4469-9df3-4d84950d210f",
|
||
|
"value": "209.99.16.221"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e833b-9040-42c7-89aa-4ac6950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:04:11.000Z",
|
||
|
"modified": "2017-06-12T12:04:11.000Z",
|
||
|
"pattern": "[url:value = 'http://ythongye.com/8yhf2ui']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:04:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--593e833b-5b90-4c0e-b8f9-caa4950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:04:11.000Z",
|
||
|
"modified": "2017-06-12T12:04:11.000Z",
|
||
|
"pattern": "[domain-name:value = 'ythongye.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-06-12T12:04:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--593e833f-66a8-4342-a4b5-4d6c950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:04:15.000Z",
|
||
|
"modified": "2017-06-12T12:04:15.000Z",
|
||
|
"first_observed": "2017-06-12T12:04:15Z",
|
||
|
"last_observed": "2017-06-12T12:04:15Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--593e833f-66a8-4342-a4b5-4d6c950d210f",
|
||
|
"ipv4-addr--593e833f-66a8-4342-a4b5-4d6c950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--593e833f-66a8-4342-a4b5-4d6c950d210f",
|
||
|
"dst_ref": "ipv4-addr--593e833f-66a8-4342-a4b5-4d6c950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--593e833f-66a8-4342-a4b5-4d6c950d210f",
|
||
|
"value": "103.249.108.128"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--593e8346-e050-4ef0-89bb-caa4950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:04:22.000Z",
|
||
|
"modified": "2017-06-12T12:04:22.000Z",
|
||
|
"first_observed": "2017-06-12T12:04:22Z",
|
||
|
"last_observed": "2017-06-12T12:04:22Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--593e8346-e050-4ef0-89bb-caa4950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--593e8346-e050-4ef0-89bb-caa4950d210f",
|
||
|
"value": "193.0.140.177"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--593e8347-dfb4-4122-8804-4b4e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:04:23.000Z",
|
||
|
"modified": "2017-06-12T12:04:23.000Z",
|
||
|
"first_observed": "2017-06-12T12:04:23Z",
|
||
|
"last_observed": "2017-06-12T12:04:23Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--593e8347-dfb4-4122-8804-4b4e950d210f",
|
||
|
"ipv4-addr--593e8347-dfb4-4122-8804-4b4e950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--593e8347-dfb4-4122-8804-4b4e950d210f",
|
||
|
"dst_ref": "ipv4-addr--593e8347-dfb4-4122-8804-4b4e950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--593e8347-dfb4-4122-8804-4b4e950d210f",
|
||
|
"value": "193.0.140.177"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--593e8347-7054-41bf-bbbe-418e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:04:23.000Z",
|
||
|
"modified": "2017-06-12T12:04:23.000Z",
|
||
|
"first_observed": "2017-06-12T12:04:23Z",
|
||
|
"last_observed": "2017-06-12T12:04:23Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--593e8347-7054-41bf-bbbe-418e950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--593e8347-7054-41bf-bbbe-418e950d210f",
|
||
|
"value": "89.231.13.18"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--593e8348-fca0-463a-be40-4e19950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:04:24.000Z",
|
||
|
"modified": "2017-06-12T12:04:24.000Z",
|
||
|
"first_observed": "2017-06-12T12:04:24Z",
|
||
|
"last_observed": "2017-06-12T12:04:24Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--593e8348-fca0-463a-be40-4e19950d210f",
|
||
|
"ipv4-addr--593e8348-fca0-463a-be40-4e19950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--593e8348-fca0-463a-be40-4e19950d210f",
|
||
|
"dst_ref": "ipv4-addr--593e8348-fca0-463a-be40-4e19950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--593e8348-fca0-463a-be40-4e19950d210f",
|
||
|
"value": "89.231.13.18"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--593e8348-ce30-4784-8b21-44da950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:04:24.000Z",
|
||
|
"modified": "2017-06-12T12:04:24.000Z",
|
||
|
"first_observed": "2017-06-12T12:04:24Z",
|
||
|
"last_observed": "2017-06-12T12:04:24Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--593e8348-ce30-4784-8b21-44da950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--593e8348-ce30-4784-8b21-44da950d210f",
|
||
|
"value": "89.231.13.27"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--593e8349-c5f8-4cf7-97f5-4e20950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:04:25.000Z",
|
||
|
"modified": "2017-06-12T12:04:25.000Z",
|
||
|
"first_observed": "2017-06-12T12:04:25Z",
|
||
|
"last_observed": "2017-06-12T12:04:25Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--593e8349-c5f8-4cf7-97f5-4e20950d210f",
|
||
|
"ipv4-addr--593e8349-c5f8-4cf7-97f5-4e20950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--593e8349-c5f8-4cf7-97f5-4e20950d210f",
|
||
|
"dst_ref": "ipv4-addr--593e8349-c5f8-4cf7-97f5-4e20950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--593e8349-c5f8-4cf7-97f5-4e20950d210f",
|
||
|
"value": "89.231.13.27"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--593e8349-4034-41b5-8403-4afe950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:04:25.000Z",
|
||
|
"modified": "2017-06-12T12:04:25.000Z",
|
||
|
"first_observed": "2017-06-12T12:04:25Z",
|
||
|
"last_observed": "2017-06-12T12:04:25Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--593e8349-4034-41b5-8403-4afe950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--593e8349-4034-41b5-8403-4afe950d210f",
|
||
|
"value": "89.231.13.33"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--593e8349-457c-4c27-9868-485c950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:04:25.000Z",
|
||
|
"modified": "2017-06-12T12:04:25.000Z",
|
||
|
"first_observed": "2017-06-12T12:04:25Z",
|
||
|
"last_observed": "2017-06-12T12:04:25Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--593e8349-457c-4c27-9868-485c950d210f",
|
||
|
"ipv4-addr--593e8349-457c-4c27-9868-485c950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--593e8349-457c-4c27-9868-485c950d210f",
|
||
|
"dst_ref": "ipv4-addr--593e8349-457c-4c27-9868-485c950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--593e8349-457c-4c27-9868-485c950d210f",
|
||
|
"value": "89.231.13.33"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--593e834a-fc4c-4e93-a04a-4e1d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:04:26.000Z",
|
||
|
"modified": "2017-06-12T12:04:26.000Z",
|
||
|
"first_observed": "2017-06-12T12:04:26Z",
|
||
|
"last_observed": "2017-06-12T12:04:26Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--593e834a-fc4c-4e93-a04a-4e1d950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--593e834a-fc4c-4e93-a04a-4e1d950d210f",
|
||
|
"value": "185.203.243.111"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--593e834a-2c78-4c28-a47c-48a2950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:04:26.000Z",
|
||
|
"modified": "2017-06-12T12:04:26.000Z",
|
||
|
"first_observed": "2017-06-12T12:04:26Z",
|
||
|
"last_observed": "2017-06-12T12:04:26Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--593e834a-2c78-4c28-a47c-48a2950d210f",
|
||
|
"ipv4-addr--593e834a-2c78-4c28-a47c-48a2950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--593e834a-2c78-4c28-a47c-48a2950d210f",
|
||
|
"dst_ref": "ipv4-addr--593e834a-2c78-4c28-a47c-48a2950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--593e834a-2c78-4c28-a47c-48a2950d210f",
|
||
|
"value": "185.203.243.111"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--593e834b-2278-4999-9719-43e5950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:04:27.000Z",
|
||
|
"modified": "2017-06-12T12:04:27.000Z",
|
||
|
"first_observed": "2017-06-12T12:04:27Z",
|
||
|
"last_observed": "2017-06-12T12:04:27Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--593e834b-2278-4999-9719-43e5950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--593e834b-2278-4999-9719-43e5950d210f",
|
||
|
"value": "185.203.243.112"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--593e834b-2e6c-4ceb-80dc-4c82950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:04:27.000Z",
|
||
|
"modified": "2017-06-12T12:04:27.000Z",
|
||
|
"first_observed": "2017-06-12T12:04:27Z",
|
||
|
"last_observed": "2017-06-12T12:04:27Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--593e834b-2e6c-4ceb-80dc-4c82950d210f",
|
||
|
"ipv4-addr--593e834b-2e6c-4ceb-80dc-4c82950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--593e834b-2e6c-4ceb-80dc-4c82950d210f",
|
||
|
"dst_ref": "ipv4-addr--593e834b-2e6c-4ceb-80dc-4c82950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--593e834b-2e6c-4ceb-80dc-4c82950d210f",
|
||
|
"value": "185.203.243.112"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--593e834c-7158-4e60-9731-4ddd950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:04:28.000Z",
|
||
|
"modified": "2017-06-12T12:04:28.000Z",
|
||
|
"first_observed": "2017-06-12T12:04:28Z",
|
||
|
"last_observed": "2017-06-12T12:04:28Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--593e834c-7158-4e60-9731-4ddd950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--593e834c-7158-4e60-9731-4ddd950d210f",
|
||
|
"value": "185.203.243.113"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--593e834c-d150-48e9-8a4f-4e91950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-06-12T12:04:28.000Z",
|
||
|
"modified": "2017-06-12T12:04:28.000Z",
|
||
|
"first_observed": "2017-06-12T12:04:28Z",
|
||
|
"last_observed": "2017-06-12T12:04:28Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--593e834c-d150-48e9-8a4f-4e91950d210f",
|
||
|
"ipv4-addr--593e834c-d150-48e9-8a4f-4e91950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--593e834c-d150-48e9-8a4f-4e91950d210f",
|
||
|
"dst_ref": "ipv4-addr--593e834c-d150-48e9-8a4f-4e91950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--593e834c-d150-48e9-8a4f-4e91950d210f",
|
||
|
"value": "185.203.243.113"
|
||
|
},
|
||
|
{
|
||
|
"type": "marking-definition",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
||
|
"created": "2017-01-20T00:00:00.000Z",
|
||
|
"definition_type": "tlp",
|
||
|
"name": "TLP:WHITE",
|
||
|
"definition": {
|
||
|
"tlp": "white"
|
||
|
}
|
||
|
}
|
||
|
]
|
||
|
}
|