|
{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--59c8f958-be58-46da-8a21-4c5f950d210f",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-25T12:58:00.000Z",
|
||
|
"modified": "2017-09-25T12:58:00.000Z",
|
||
|
"name": "CIRCL",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--59c8f958-be58-46da-8a21-4c5f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-25T12:58:00.000Z",
|
||
|
"modified": "2017-09-25T12:58:00.000Z",
|
||
|
"name": "M2M - Locky 2017-09-25 : Affid=3, offline, \".ykcol\" : \"Message from 02087654321\" - \"Voice Message.7z\"",
|
||
|
"published": "2017-09-25T12:58:05Z",
|
||
|
"object_refs": [
|
||
|
"indicator--59c8f959-ac8c-4e13-936e-9b1f950d210f",
|
||
|
"indicator--59c8f959-481c-4f85-a01f-4dd9950d210f",
|
||
|
"indicator--59c8f959-cd48-45c3-8d58-4c5f950d210f",
|
||
|
"indicator--59c8f977-c8b4-4c61-ba89-4c64950d210f",
|
||
|
"indicator--59c8f978-11f8-4997-8f83-4d7e950d210f",
|
||
|
"observed-data--59c8f978-9e6c-4301-9e45-4ad5950d210f",
|
||
|
"network-traffic--59c8f978-9e6c-4301-9e45-4ad5950d210f",
|
||
|
"ipv4-addr--59c8f978-9e6c-4301-9e45-4ad5950d210f",
|
||
|
"indicator--59c8f978-e850-40fd-85eb-9dc2950d210f",
|
||
|
"indicator--59c8f978-557c-42cb-8552-4dd6950d210f",
|
||
|
"observed-data--59c8f979-6138-4c7c-9cbc-4137950d210f",
|
||
|
"network-traffic--59c8f979-6138-4c7c-9cbc-4137950d210f",
|
||
|
"ipv4-addr--59c8f979-6138-4c7c-9cbc-4137950d210f",
|
||
|
"indicator--59c8f979-2bec-4e95-9bee-4bf6950d210f",
|
||
|
"indicator--59c8f979-e378-452d-9637-408a950d210f",
|
||
|
"observed-data--59c8f979-1298-4b34-a5e9-4c2f950d210f",
|
||
|
"network-traffic--59c8f979-1298-4b34-a5e9-4c2f950d210f",
|
||
|
"ipv4-addr--59c8f979-1298-4b34-a5e9-4c2f950d210f",
|
||
|
"indicator--59c8f97a-7670-41df-976e-4c5f950d210f",
|
||
|
"indicator--59c8f97a-7130-4898-874b-9dc2950d210f",
|
||
|
"observed-data--59c8f97c-71e0-45cf-a3a3-4c64950d210f",
|
||
|
"network-traffic--59c8f97c-71e0-45cf-a3a3-4c64950d210f",
|
||
|
"ipv4-addr--59c8f97c-71e0-45cf-a3a3-4c64950d210f",
|
||
|
"indicator--59c8f97c-cc4c-44b9-a834-4c2f950d210f",
|
||
|
"indicator--59c8f97c-450c-41b9-b8f9-9b1f950d210f",
|
||
|
"observed-data--59c8f97c-07cc-4b9d-b850-4214950d210f",
|
||
|
"network-traffic--59c8f97c-07cc-4b9d-b850-4214950d210f",
|
||
|
"ipv4-addr--59c8f97c-07cc-4b9d-b850-4214950d210f",
|
||
|
"indicator--59c8f97d-28d0-4993-bb4b-42ad950d210f",
|
||
|
"indicator--59c8f97d-4d8c-4f56-94c2-45f8950d210f",
|
||
|
"observed-data--59c8f97d-4cbc-422c-bc56-4bcd950d210f",
|
||
|
"network-traffic--59c8f97d-4cbc-422c-bc56-4bcd950d210f",
|
||
|
"ipv4-addr--59c8f97d-4cbc-422c-bc56-4bcd950d210f",
|
||
|
"indicator--59c8f97d-7e08-4283-a747-4bf6950d210f",
|
||
|
"indicator--59c8f97e-e30c-41cd-926e-4678950d210f",
|
||
|
"observed-data--59c8f97e-8c5c-495e-b382-9b1f950d210f",
|
||
|
"network-traffic--59c8f97e-8c5c-495e-b382-9b1f950d210f",
|
||
|
"ipv4-addr--59c8f97e-8c5c-495e-b382-9b1f950d210f",
|
||
|
"indicator--59c8f97e-e88c-4032-849d-4c5f950d210f",
|
||
|
"indicator--59c8f97e-2678-46af-8143-9dc2950d210f",
|
||
|
"observed-data--59c8f97f-1d84-4154-b141-9b8f950d210f",
|
||
|
"network-traffic--59c8f97f-1d84-4154-b141-9b8f950d210f",
|
||
|
"ipv4-addr--59c8f97f-1d84-4154-b141-9b8f950d210f",
|
||
|
"indicator--59c8f980-4d24-4b52-a6b8-45dd950d210f",
|
||
|
"indicator--59c8f980-1a10-449c-8ff4-4db4950d210f",
|
||
|
"observed-data--59c8f980-3d88-4246-80ef-4f5e950d210f",
|
||
|
"network-traffic--59c8f980-3d88-4246-80ef-4f5e950d210f",
|
||
|
"ipv4-addr--59c8f980-3d88-4246-80ef-4f5e950d210f",
|
||
|
"indicator--59c8f980-130c-4261-ade3-454a950d210f",
|
||
|
"indicator--59c8f980-2a50-4b1a-8267-9dc2950d210f",
|
||
|
"observed-data--59c8f981-bd88-4432-b8c1-4c2f950d210f",
|
||
|
"network-traffic--59c8f981-bd88-4432-b8c1-4c2f950d210f",
|
||
|
"ipv4-addr--59c8f981-bd88-4432-b8c1-4c2f950d210f",
|
||
|
"indicator--59c8f981-d878-4b0d-8f17-4075950d210f",
|
||
|
"indicator--59c8f981-1400-44b1-b1ed-4df4950d210f",
|
||
|
"observed-data--59c8f981-0550-4d85-b6e3-44da950d210f",
|
||
|
"network-traffic--59c8f981-0550-4d85-b6e3-44da950d210f",
|
||
|
"ipv4-addr--59c8f981-0550-4d85-b6e3-44da950d210f",
|
||
|
"indicator--59c8f982-981c-4dbb-a0e5-4797950d210f",
|
||
|
"indicator--59c8f982-7b54-4776-921a-9dc2950d210f",
|
||
|
"indicator--59c8f988-7a04-42bb-a64e-4241950d210f",
|
||
|
"indicator--59c8f989-aeec-4911-a6f0-4f1a950d210f",
|
||
|
"observed-data--59c8f98c-1ecc-45fc-a30f-40f3950d210f",
|
||
|
"network-traffic--59c8f98c-1ecc-45fc-a30f-40f3950d210f",
|
||
|
"ipv4-addr--59c8f98c-1ecc-45fc-a30f-40f3950d210f",
|
||
|
"indicator--59c8fcfd-834c-42e6-862e-403d02de0b81",
|
||
|
"indicator--59c8fcfd-39fc-469c-bdaf-4d5802de0b81",
|
||
|
"observed-data--59c8fcfd-6024-4980-ba2c-4fe102de0b81",
|
||
|
"url--59c8fcfd-6024-4980-ba2c-4fe102de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"ecsirt:malicious-code=\"ransomware\"",
|
||
|
"misp-galaxy:ransomware=\"Locky\""
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59c8f959-ac8c-4e13-936e-9b1f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-25T12:56:29.000Z",
|
||
|
"modified": "2017-09-25T12:56:29.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '8dbdd9122dadc54f21747cc4f0ab267c']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-25T12:56:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59c8f959-481c-4f85-a01f-4dd9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-25T12:56:29.000Z",
|
||
|
"modified": "2017-09-25T12:56:29.000Z",
|
||
|
"pattern": "[url:value = 'http://artplast.uz/YTkjdJH7w1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-25T12:56:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59c8f959-cd48-45c3-8d58-4c5f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-25T12:56:29.000Z",
|
||
|
"modified": "2017-09-25T12:56:29.000Z",
|
||
|
"pattern": "[domain-name:value = 'artplast.uz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-25T12:56:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59c8f977-c8b4-4c61-ba89-4c64950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-25T12:56:29.000Z",
|
||
|
"modified": "2017-09-25T12:56:29.000Z",
|
||
|
"pattern": "[url:value = 'http://asesoreszapico.com/YTkjdJH7w1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-25T12:56:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59c8f978-11f8-4997-8f83-4d7e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-25T12:56:29.000Z",
|
||
|
"modified": "2017-09-25T12:56:29.000Z",
|
||
|
"pattern": "[domain-name:value = 'asesoreszapico.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-25T12:56:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59c8f978-9e6c-4301-9e45-4ad5950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-25T12:56:29.000Z",
|
||
|
"modified": "2017-09-25T12:56:29.000Z",
|
||
|
"first_observed": "2017-09-25T12:56:29Z",
|
||
|
"last_observed": "2017-09-25T12:56:29Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59c8f978-9e6c-4301-9e45-4ad5950d210f",
|
||
|
"ipv4-addr--59c8f978-9e6c-4301-9e45-4ad5950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59c8f978-9e6c-4301-9e45-4ad5950d210f",
|
||
|
"dst_ref": "ipv4-addr--59c8f978-9e6c-4301-9e45-4ad5950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59c8f978-9e6c-4301-9e45-4ad5950d210f",
|
||
|
"value": "212.89.16.142"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59c8f978-e850-40fd-85eb-9dc2950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-25T12:56:29.000Z",
|
||
|
"modified": "2017-09-25T12:56:29.000Z",
|
||
|
"pattern": "[url:value = 'http://asheardontheradiogreens.com/YTkjdJH7w1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-25T12:56:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59c8f978-557c-42cb-8552-4dd6950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-25T12:56:29.000Z",
|
||
|
"modified": "2017-09-25T12:56:29.000Z",
|
||
|
"pattern": "[domain-name:value = 'asheardontheradiogreens.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-25T12:56:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59c8f979-6138-4c7c-9cbc-4137950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-25T12:56:29.000Z",
|
||
|
"modified": "2017-09-25T12:56:29.000Z",
|
||
|
"first_observed": "2017-09-25T12:56:29Z",
|
||
|
"last_observed": "2017-09-25T12:56:29Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59c8f979-6138-4c7c-9cbc-4137950d210f",
|
||
|
"ipv4-addr--59c8f979-6138-4c7c-9cbc-4137950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59c8f979-6138-4c7c-9cbc-4137950d210f",
|
||
|
"dst_ref": "ipv4-addr--59c8f979-6138-4c7c-9cbc-4137950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59c8f979-6138-4c7c-9cbc-4137950d210f",
|
||
|
"value": "199.30.241.139"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59c8f979-2bec-4e95-9bee-4bf6950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-25T12:56:29.000Z",
|
||
|
"modified": "2017-09-25T12:56:29.000Z",
|
||
|
"pattern": "[url:value = 'http://audio-pa-service.de/YTkjdJH7w1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-25T12:56:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59c8f979-e378-452d-9637-408a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-25T12:56:29.000Z",
|
||
|
"modified": "2017-09-25T12:56:29.000Z",
|
||
|
"pattern": "[domain-name:value = 'audio-pa-service.de']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-25T12:56:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59c8f979-1298-4b34-a5e9-4c2f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-25T12:56:29.000Z",
|
||
|
"modified": "2017-09-25T12:56:29.000Z",
|
||
|
"first_observed": "2017-09-25T12:56:29Z",
|
||
|
"last_observed": "2017-09-25T12:56:29Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59c8f979-1298-4b34-a5e9-4c2f950d210f",
|
||
|
"ipv4-addr--59c8f979-1298-4b34-a5e9-4c2f950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59c8f979-1298-4b34-a5e9-4c2f950d210f",
|
||
|
"dst_ref": "ipv4-addr--59c8f979-1298-4b34-a5e9-4c2f950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59c8f979-1298-4b34-a5e9-4c2f950d210f",
|
||
|
"value": "81.169.244.233"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59c8f97a-7670-41df-976e-4c5f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-25T12:56:29.000Z",
|
||
|
"modified": "2017-09-25T12:56:29.000Z",
|
||
|
"pattern": "[url:value = 'http://augsburger-maerchentheater.de/YTkjdJH7w1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-25T12:56:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59c8f97a-7130-4898-874b-9dc2950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-25T12:56:29.000Z",
|
||
|
"modified": "2017-09-25T12:56:29.000Z",
|
||
|
"pattern": "[domain-name:value = 'augsburger-maerchentheater.de']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-25T12:56:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59c8f97c-71e0-45cf-a3a3-4c64950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-25T12:56:29.000Z",
|
||
|
"modified": "2017-09-25T12:56:29.000Z",
|
||
|
"first_observed": "2017-09-25T12:56:29Z",
|
||
|
"last_observed": "2017-09-25T12:56:29Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59c8f97c-71e0-45cf-a3a3-4c64950d210f",
|
||
|
"ipv4-addr--59c8f97c-71e0-45cf-a3a3-4c64950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59c8f97c-71e0-45cf-a3a3-4c64950d210f",
|
||
|
"dst_ref": "ipv4-addr--59c8f97c-71e0-45cf-a3a3-4c64950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59c8f97c-71e0-45cf-a3a3-4c64950d210f",
|
||
|
"value": "94.102.214.231"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59c8f97c-cc4c-44b9-a834-4c2f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-25T12:56:29.000Z",
|
||
|
"modified": "2017-09-25T12:56:29.000Z",
|
||
|
"pattern": "[url:value = 'http://auto-ecole-prudence.com/YTkjdJH7w1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-25T12:56:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59c8f97c-450c-41b9-b8f9-9b1f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-25T12:56:29.000Z",
|
||
|
"modified": "2017-09-25T12:56:29.000Z",
|
||
|
"pattern": "[domain-name:value = 'auto-ecole-prudence.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-25T12:56:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59c8f97c-07cc-4b9d-b850-4214950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-25T12:56:29.000Z",
|
||
|
"modified": "2017-09-25T12:56:29.000Z",
|
||
|
"first_observed": "2017-09-25T12:56:29Z",
|
||
|
"last_observed": "2017-09-25T12:56:29Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59c8f97c-07cc-4b9d-b850-4214950d210f",
|
||
|
"ipv4-addr--59c8f97c-07cc-4b9d-b850-4214950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59c8f97c-07cc-4b9d-b850-4214950d210f",
|
||
|
"dst_ref": "ipv4-addr--59c8f97c-07cc-4b9d-b850-4214950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59c8f97c-07cc-4b9d-b850-4214950d210f",
|
||
|
"value": "193.227.248.247"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59c8f97d-28d0-4993-bb4b-42ad950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-25T12:56:29.000Z",
|
||
|
"modified": "2017-09-25T12:56:29.000Z",
|
||
|
"pattern": "[url:value = 'http://automattenonline.com/YTkjdJH7w1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-25T12:56:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59c8f97d-4d8c-4f56-94c2-45f8950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-25T12:56:29.000Z",
|
||
|
"modified": "2017-09-25T12:56:29.000Z",
|
||
|
"pattern": "[domain-name:value = 'automattenonline.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-25T12:56:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59c8f97d-4cbc-422c-bc56-4bcd950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-25T12:56:29.000Z",
|
||
|
"modified": "2017-09-25T12:56:29.000Z",
|
||
|
"first_observed": "2017-09-25T12:56:29Z",
|
||
|
"last_observed": "2017-09-25T12:56:29Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59c8f97d-4cbc-422c-bc56-4bcd950d210f",
|
||
|
"ipv4-addr--59c8f97d-4cbc-422c-bc56-4bcd950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59c8f97d-4cbc-422c-bc56-4bcd950d210f",
|
||
|
"dst_ref": "ipv4-addr--59c8f97d-4cbc-422c-bc56-4bcd950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59c8f97d-4cbc-422c-bc56-4bcd950d210f",
|
||
|
"value": "149.210.129.109"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59c8f97d-7e08-4283-a747-4bf6950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-25T12:56:29.000Z",
|
||
|
"modified": "2017-09-25T12:56:29.000Z",
|
||
|
"pattern": "[url:value = 'http://awoodshop.net/YTkjdJH7w1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-25T12:56:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59c8f97e-e30c-41cd-926e-4678950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-25T12:56:29.000Z",
|
||
|
"modified": "2017-09-25T12:56:29.000Z",
|
||
|
"pattern": "[domain-name:value = 'awoodshop.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-25T12:56:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59c8f97e-8c5c-495e-b382-9b1f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-25T12:56:29.000Z",
|
||
|
"modified": "2017-09-25T12:56:29.000Z",
|
||
|
"first_observed": "2017-09-25T12:56:29Z",
|
||
|
"last_observed": "2017-09-25T12:56:29Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59c8f97e-8c5c-495e-b382-9b1f950d210f",
|
||
|
"ipv4-addr--59c8f97e-8c5c-495e-b382-9b1f950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59c8f97e-8c5c-495e-b382-9b1f950d210f",
|
||
|
"dst_ref": "ipv4-addr--59c8f97e-8c5c-495e-b382-9b1f950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59c8f97e-8c5c-495e-b382-9b1f950d210f",
|
||
|
"value": "72.32.177.50"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59c8f97e-e88c-4032-849d-4c5f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-25T12:56:29.000Z",
|
||
|
"modified": "2017-09-25T12:56:29.000Z",
|
||
|
"pattern": "[url:value = 'http://azimuth.com.pt/YTkjdJH7w1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-25T12:56:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59c8f97e-2678-46af-8143-9dc2950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-25T12:56:29.000Z",
|
||
|
"modified": "2017-09-25T12:56:29.000Z",
|
||
|
"pattern": "[domain-name:value = 'azimuth.com.pt']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-25T12:56:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59c8f97f-1d84-4154-b141-9b8f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-25T12:56:29.000Z",
|
||
|
"modified": "2017-09-25T12:56:29.000Z",
|
||
|
"first_observed": "2017-09-25T12:56:29Z",
|
||
|
"last_observed": "2017-09-25T12:56:29Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59c8f97f-1d84-4154-b141-9b8f950d210f",
|
||
|
"ipv4-addr--59c8f97f-1d84-4154-b141-9b8f950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59c8f97f-1d84-4154-b141-9b8f950d210f",
|
||
|
"dst_ref": "ipv4-addr--59c8f97f-1d84-4154-b141-9b8f950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59c8f97f-1d84-4154-b141-9b8f950d210f",
|
||
|
"value": "80.172.241.36"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59c8f980-4d24-4b52-a6b8-45dd950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-25T12:56:29.000Z",
|
||
|
"modified": "2017-09-25T12:56:29.000Z",
|
||
|
"pattern": "[url:value = 'http://baburkuyumculuk.com/YTkjdJH7w1']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-25T12:56:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59c8f980-1a10-449c-8ff4-4db4950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-25T12:56:29.000Z",
|
||
|
"modified": "2017-09-25T12:56:29.000Z",
|
||
|
"pattern": "[domain-name:value = 'baburkuyumculuk.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-25T12:56:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59c8f980-3d88-4246-80ef-4f5e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-25T12:56:29.000Z",
|
||
|
"modified": "2017-09-25T12:56:29.000Z",
|
||
|
"first_observed": "2017-09-25T12:56:29Z",
|
||
|
"last_observed": "2017-09-25T12:56:29Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59c8f980-3d88-4246-80ef-4f5e950d210f",
|
||
|
"ipv4-addr--59c8f980-3d88-4246-80ef-4f5e950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59c8f980-3d88-4246-80ef-4f5e950d210f",
|
||
|
"dst_ref": "ipv4-addr--59c8f980-3d88-4246-80ef-4f5e950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59c8f980-3d88-4246-80ef-4f5e950d210f",
|
||
|
"value": "213.142.143.191"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59c8f980-130c-4261-ade3-454a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-25T12:56:29.000Z",
|
||
|
"modified": "2017-09-25T12:56:29.000Z",
|
||
|
"pattern": "[url:value = 'http://bagnolipisa.it/YTkjdJH7w1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-25T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c8f980-2a50-4b1a-8267-9dc2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"pattern": "[domain-name:value = 'bagnolipisa.it']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-25T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c8f981-bd88-4432-b8c1-4c2f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"first_observed": "2017-09-25T12:56:29Z",
"last_observed": "2017-09-25T12:56:29Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c8f981-bd88-4432-b8c1-4c2f950d210f",
"ipv4-addr--59c8f981-bd88-4432-b8c1-4c2f950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c8f981-bd88-4432-b8c1-4c2f950d210f",
"dst_ref": "ipv4-addr--59c8f981-bd88-4432-b8c1-4c2f950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c8f981-bd88-4432-b8c1-4c2f950d210f",
"value": "77.72.25.23"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c8f981-d878-4b0d-8f17-4075950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"pattern": "[url:value = 'http://barberomudanzas.com/YTkjdJH7w1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-25T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c8f981-1400-44b1-b1ed-4df4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"pattern": "[domain-name:value = 'barberomudanzas.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-25T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c8f981-0550-4d85-b6e3-44da950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"first_observed": "2017-09-25T12:56:29Z",
"last_observed": "2017-09-25T12:56:29Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c8f981-0550-4d85-b6e3-44da950d210f",
"ipv4-addr--59c8f981-0550-4d85-b6e3-44da950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c8f981-0550-4d85-b6e3-44da950d210f",
"dst_ref": "ipv4-addr--59c8f981-0550-4d85-b6e3-44da950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c8f981-0550-4d85-b6e3-44da950d210f",
"value": "188.93.75.198"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c8f982-981c-4dbb-a0e5-4797950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:28.000Z",
"modified": "2017-09-25T12:56:28.000Z",
"pattern": "[url:value = 'http://bor.uz/YTkjdJH7w1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-25T12:56:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c8f982-7b54-4776-921a-9dc2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"pattern": "[domain-name:value = 'bor.uz']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-25T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c8f988-7a04-42bb-a64e-4241950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:28.000Z",
"modified": "2017-09-25T12:56:28.000Z",
"pattern": "[url:value = 'http://tertrodefordown.info/af/YTkjdJH7w1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-25T12:56:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c8f989-aeec-4911-a6f0-4f1a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:28.000Z",
"modified": "2017-09-25T12:56:28.000Z",
"pattern": "[domain-name:value = 'tertrodefordown.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-25T12:56:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c8f98c-1ecc-45fc-a30f-40f3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:28.000Z",
"modified": "2017-09-25T12:56:28.000Z",
"first_observed": "2017-09-25T12:56:28Z",
"last_observed": "2017-09-25T12:56:28Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59c8f98c-1ecc-45fc-a30f-40f3950d210f",
"ipv4-addr--59c8f98c-1ecc-45fc-a30f-40f3950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59c8f98c-1ecc-45fc-a30f-40f3950d210f",
"dst_ref": "ipv4-addr--59c8f98c-1ecc-45fc-a30f-40f3950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59c8f98c-1ecc-45fc-a30f-40f3950d210f",
"value": "49.51.36.73"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c8fcfd-834c-42e6-862e-403d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"description": "- Xchecked via VT: 8dbdd9122dadc54f21747cc4f0ab267c",
"pattern": "[file:hashes.SHA256 = 'b86a830769fcfd54201495353c5ab8931f7ca796ef54a2219a04b9e7cb7d2a7a']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-25T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59c8fcfd-39fc-469c-bdaf-4d5802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"description": "- Xchecked via VT: 8dbdd9122dadc54f21747cc4f0ab267c",
"pattern": "[file:hashes.SHA1 = '7f07f3b5ba830d55822f75836f0bbbe0ef579256']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-25T12:56:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59c8fcfd-6024-4980-ba2c-4fe102de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-25T12:56:29.000Z",
"modified": "2017-09-25T12:56:29.000Z",
"first_observed": "2017-09-25T12:56:29Z",
"last_observed": "2017-09-25T12:56:29Z",
"number_observed": 1,
"object_refs": [
"url--59c8fcfd-6024-4980-ba2c-4fe102de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59c8fcfd-6024-4980-ba2c-4fe102de0b81",
"value": "https://www.virustotal.com/file/b86a830769fcfd54201495353c5ab8931f7ca796ef54a2219a04b9e7cb7d2a7a/analysis/1506338916/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}