{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--5a5df567-ad8c-4649-ad06-480f950d210f",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T13:01:50.000Z",
|
||
|
"modified": "2018-01-16T13:01:50.000Z",
|
||
|
"name": "CthulhuSPRL.be",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--5a5df567-ad8c-4649-ad06-480f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T13:01:50.000Z",
|
||
|
"modified": "2018-01-16T13:01:50.000Z",
|
||
|
"name": "OSINT Track to the future - How to use historical intelligence to get back to the future and defend your organization (example using APT28) by ThreatConnect",
|
||
|
"published": "2018-01-16T13:08:05Z",
|
||
|
"object_refs": [
|
||
|
"observed-data--5a5df57d-ab68-4481-91ab-467e950d210f",
|
||
|
"url--5a5df57d-ab68-4481-91ab-467e950d210f",
|
||
|
"indicator--5a5df5ff-5bd4-4127-9885-43df950d210f",
|
||
|
"indicator--5a5df614-1a50-4f57-8dd7-421f950d210f",
|
||
|
"indicator--5a5df615-d44c-4f20-9656-40d4950d210f",
|
||
|
"indicator--5a5df6a9-fecc-4191-a84d-4660950d210f",
|
||
|
"indicator--5a5df6aa-81bc-4ade-a9bd-4bbc950d210f",
|
||
|
"x-misp-attribute--5a5df6aa-bbc8-47b1-b709-4a28950d210f",
|
||
|
"x-misp-attribute--5a5df6aa-42a4-4952-b2da-4dc7950d210f",
|
||
|
"indicator--5a5df6ab-280c-410f-a7a1-49c0950d210f",
|
||
|
"indicator--5a5df6ac-4f98-4963-8a71-47cc950d210f",
|
||
|
"x-misp-attribute--5a5df6ac-3428-4822-8477-4c6d950d210f",
|
||
|
"indicator--5a5df6ad-4b38-4033-a4b0-460d950d210f",
|
||
|
"indicator--5a5df6ad-11c8-4a85-8c4f-4eb7950d210f",
|
||
|
"x-misp-attribute--5a5df6ae-5ec8-4f59-9307-4236950d210f",
|
||
|
"indicator--5a5df6ae-106c-4e03-9bef-4a31950d210f",
|
||
|
"indicator--5a5df6ae-d110-43d8-9c41-40ad950d210f",
|
||
|
"indicator--5a5df6af-9ac4-4674-b7be-4914950d210f",
|
||
|
"indicator--5a5df6af-e824-4795-87e7-491f950d210f",
|
||
|
"x-misp-attribute--5a5df6b0-fe64-4d91-b217-4e24950d210f",
|
||
|
"indicator--5a5df6b0-b848-470c-a618-407c950d210f",
|
||
|
"indicator--5a5df6b1-f908-42b3-9878-4062950d210f",
|
||
|
"indicator--5a5df6b1-f3c8-4264-9e16-49e8950d210f",
|
||
|
"x-misp-attribute--5a5df6b1-4344-4859-837d-40e3950d210f",
|
||
|
"indicator--5a5df6b2-c644-4c64-8064-429e950d210f",
|
||
|
"indicator--5a5df6b2-0244-48ea-b701-4e6d950d210f",
|
||
|
"x-misp-attribute--5a5df6b2-808c-43f9-842a-473e950d210f",
|
||
|
"indicator--5a5df6b3-a46c-435f-994e-492a950d210f",
|
||
|
"indicator--5a5df6b3-877c-4871-942b-444d950d210f",
|
||
|
"x-misp-attribute--5a5df6b4-a6a4-455f-8a95-41da950d210f",
|
||
|
"indicator--5a5df6b4-5550-43a6-bc01-4bdf950d210f",
|
||
|
"indicator--5a5df6b4-ef40-4c05-83f4-4460950d210f",
|
||
|
"x-misp-attribute--5a5df6b5-f264-41cd-905d-4fd5950d210f",
|
||
|
"indicator--5a5df6b6-e9f0-432f-ad6d-4171950d210f",
|
||
|
"x-misp-attribute--5a5df6b6-4440-43b4-98d9-402e950d210f",
|
||
|
"indicator--5a5df6b6-7e78-4926-9f64-4d04950d210f",
|
||
|
"x-misp-attribute--5a5df6b7-867c-43d5-800d-4c23950d210f",
|
||
|
"indicator--5a5df6b7-e19c-40c7-8915-4e7e950d210f",
|
||
|
"x-misp-attribute--5a5df6b8-d954-46c7-8b81-408e950d210f",
|
||
|
"indicator--5a5df6b8-1498-405e-a37a-4fb1950d210f",
|
||
|
"indicator--5a5df6b8-8218-4084-8a40-45de950d210f",
|
||
|
"indicator--5a5df6b9-76d4-41e7-9ee1-4839950d210f",
|
||
|
"x-misp-attribute--5a5df6b9-f2d0-4edc-9d15-463f950d210f",
|
||
|
"indicator--5a5df6ba-da40-4cd4-8615-41d9950d210f",
|
||
|
"indicator--5a5df6ba-0b9c-4dbc-ab80-4cc8950d210f",
|
||
|
"x-misp-attribute--5a5df6ba-e2bc-4b64-aa98-4397950d210f",
|
||
|
"indicator--5a5df6bb-3c58-4764-8948-4bf9950d210f",
|
||
|
"indicator--5a5df6bb-9040-499c-be69-41fc950d210f",
|
||
|
"x-misp-attribute--5a5df6bc-df8c-45db-b889-4a01950d210f",
|
||
|
"indicator--5a5df6bc-056c-439a-b3ef-46a8950d210f",
|
||
|
"indicator--5a5df6bd-d4f0-4b3c-bb63-428d950d210f",
|
||
|
"x-misp-attribute--5a5df6bd-04c0-4167-8fd7-4c19950d210f",
|
||
|
"indicator--5a5df6e4-65e0-451e-9a15-4cc2950d210f",
|
||
|
"indicator--5a5df719-d7e0-467f-904e-4594950d210f",
|
||
|
"x-misp-attribute--5a5df71a-40f0-4dc6-9af7-49e8950d210f",
|
||
|
"indicator--5a5df71a-c810-452e-bc5b-427e950d210f",
|
||
|
"x-misp-attribute--5a5df71b-2a24-4193-9fcb-4c49950d210f",
|
||
|
"indicator--5a5df71b-07a4-4512-99d1-4a58950d210f",
|
||
|
"indicator--5a5df71b-f50c-444b-9fe0-46e6950d210f",
|
||
|
"x-misp-attribute--5a5df71c-ac24-4d9a-adb3-48bc950d210f",
|
||
|
"indicator--5a5df71c-bff4-475e-86b2-4246950d210f",
|
||
|
"x-misp-attribute--5a5df71d-7c6c-4f36-8869-41d4950d210f",
|
||
|
"indicator--5a5df71d-7714-4b38-964d-4ccc950d210f",
|
||
|
"indicator--5a5df71e-d088-4420-8e26-48ec950d210f",
|
||
|
"x-misp-attribute--5a5df71e-7c54-4f75-8f58-4c0f950d210f",
|
||
|
"indicator--5a5df71e-051c-45bf-8cba-4ef3950d210f",
|
||
|
"x-misp-attribute--5a5df71f-518c-432b-a8dd-40e4950d210f",
|
||
|
"indicator--5a5df71f-bd84-40b5-ac61-4724950d210f",
|
||
|
"x-misp-attribute--5a5df720-1aa8-4017-bd5e-4abb950d210f",
|
||
|
"indicator--5a5df720-e678-4617-99a1-4227950d210f",
|
||
|
"x-misp-attribute--5a5df721-7f6c-4c41-8fc9-43f5950d210f",
|
||
|
"indicator--5a5df721-cb7c-4937-bc1a-45d2950d210f",
|
||
|
"x-misp-attribute--5a5df722-c568-4ed7-8a76-48fc950d210f",
|
||
|
"indicator--5a5df722-40b8-49f7-b0d0-43b8950d210f",
|
||
|
"x-misp-attribute--5a5df723-f520-46ff-8b9e-4649950d210f",
|
||
|
"indicator--5a5df759-62f4-4e52-bf15-46de950d210f",
|
||
|
"indicator--5a5df75a-d898-4a9f-b003-4259950d210f",
|
||
|
"x-misp-attribute--5a5df75a-21a4-491c-80ba-47b9950d210f",
|
||
|
"indicator--5a5df75b-8e04-4dd2-8157-4195950d210f",
|
||
|
"indicator--5a5df75b-9570-4708-888b-4154950d210f",
|
||
|
"x-misp-attribute--5a5df75c-7f78-4768-943f-40fb950d210f",
|
||
|
"indicator--5a5df75c-ecb4-4bb6-94fc-497d950d210f",
|
||
|
"indicator--5a5df75c-0f8c-4496-8477-422b950d210f",
|
||
|
"x-misp-attribute--5a5df75d-bd38-4a17-bed7-4ad9950d210f",
|
||
|
"indicator--5a5df75d-3ef4-4cf7-b352-4be5950d210f",
|
||
|
"indicator--5a5df75e-6720-4d46-a220-4018950d210f",
|
||
|
"x-misp-attribute--5a5df75e-f420-4da3-9f43-4267950d210f",
|
||
|
"indicator--5a5df75f-62c8-4103-9d6d-4cbf950d210f",
|
||
|
"indicator--5a5df75f-d46c-4a40-abd3-47ac950d210f",
|
||
|
"x-misp-attribute--5a5df75f-ce78-4774-aeca-4cf2950d210f",
|
||
|
"indicator--5a5df760-2f9c-481c-a0ec-4ca2950d210f",
|
||
|
"indicator--5a5df760-7b04-4a2f-9557-4f38950d210f",
|
||
|
"x-misp-attribute--5a5df761-8274-4c8e-8dfb-4832950d210f",
|
||
|
"indicator--5a5df761-ea30-4abe-9c8c-40e0950d210f",
|
||
|
"indicator--5a5df761-8c68-4723-9f88-4723950d210f",
|
||
|
"x-misp-attribute--5a5df762-89b8-4b7b-8fb9-4c40950d210f",
|
||
|
"indicator--5a5df762-a7cc-4389-86c4-45cb950d210f",
|
||
|
"indicator--5a5df763-4200-4c7a-95f3-4006950d210f",
|
||
|
"x-misp-attribute--5a5df763-7bdc-4d69-8d6f-4419950d210f",
|
||
|
"indicator--5a5df764-9460-4c75-b79f-45f1950d210f",
|
||
|
"indicator--5a5df764-36b8-47b5-9dfb-4b7f950d210f",
|
||
|
"x-misp-attribute--5a5df765-eeb8-4ac0-8d64-483f950d210f",
|
||
|
"indicator--5a5df7a6-bd78-4823-985f-47fb950d210f",
|
||
|
"indicator--5a5df7a7-3c20-46fd-9303-4792950d210f",
|
||
|
"x-misp-attribute--5a5df7a7-c454-47e6-9687-4d59950d210f",
|
||
|
"indicator--5a5df7a8-8794-452b-bf00-463f950d210f",
|
||
|
"indicator--5a5df7a8-1a08-41d1-96ee-4476950d210f",
|
||
|
"indicator--5a5df7a9-b7b8-4385-8df9-493d950d210f",
|
||
|
"x-misp-attribute--5a5df7a9-a600-4059-b27b-429b950d210f",
|
||
|
"indicator--5a5df7aa-6ac0-4fb9-b16c-424d950d210f",
|
||
|
"indicator--5a5df7aa-38cc-41fc-9a4a-4a4f950d210f",
|
||
|
"x-misp-attribute--5a5df7ab-a0a8-46fb-aa79-4779950d210f",
|
||
|
"indicator--5a5df7ab-a990-4685-b749-49c3950d210f",
|
||
|
"x-misp-attribute--5a5df7ac-d9d4-4189-8d7b-461a950d210f",
|
||
|
"indicator--5a5df7ac-cae8-44ac-bdea-4a13950d210f",
|
||
|
"indicator--5a5df7ad-5a64-4402-ac92-4cca950d210f",
|
||
|
"x-misp-attribute--5a5df7ad-1734-4259-b0b0-4060950d210f",
|
||
|
"indicator--5a5df7ae-a0ac-4a19-a289-4ec1950d210f",
|
||
|
"x-misp-attribute--5a5df7ae-abb8-4a4d-a819-497c950d210f",
|
||
|
"indicator--5a5df7ae-dad8-4144-8319-4f77950d210f",
|
||
|
"indicator--5a5df7af-5a50-4b4e-9f90-4d5b950d210f",
|
||
|
"x-misp-attribute--5a5df7b0-554c-4449-beb5-4b04950d210f",
|
||
|
"indicator--5a5df7b0-4fcc-4560-acc3-47b0950d210f",
|
||
|
"indicator--5a5df7b1-0078-407b-b877-4482950d210f",
|
||
|
"x-misp-attribute--5a5df7b1-44bc-4672-bd67-45dc950d210f",
|
||
|
"indicator--5a5df7b2-b7fc-4b31-8dce-422e950d210f",
|
||
|
"indicator--5a5df7b2-3d34-4ef5-ae0d-416a950d210f",
|
||
|
"x-misp-attribute--5a5df7b3-104c-4e0d-8ef3-4ec2950d210f",
|
||
|
"indicator--5a5df7b3-dc5c-4374-a1c3-4542950d210f",
|
||
|
"indicator--5a5df7b4-fb38-413b-b10b-4722950d210f",
|
||
|
"x-misp-attribute--5a5df7b4-c878-453d-96ad-461b950d210f",
|
||
|
"indicator--5a5df7b5-8564-454a-a087-4d19950d210f",
|
||
|
"indicator--5a5df7b5-bf7c-4fef-a7e7-4134950d210f",
|
||
|
"x-misp-attribute--5a5df7b5-f420-4765-87fe-4d81950d210f",
|
||
|
"indicator--5a5df7b6-3c70-4e92-bbc3-49ec950d210f",
|
||
|
"indicator--5a5df7b6-a3ec-4b3f-af02-4c59950d210f",
|
||
|
"x-misp-attribute--5a5df7b7-4a14-45b8-ab31-4e88950d210f",
|
||
|
"indicator--5a5df7b7-6558-49cf-a53b-437a950d210f",
|
||
|
"indicator--5a5df7b8-de10-4298-bd9c-4d78950d210f",
|
||
|
"x-misp-attribute--5a5df7b8-bc90-41b6-989e-41f7950d210f",
|
||
|
"indicator--5a5df7b9-b318-45da-9d2a-4bb9950d210f",
|
||
|
"x-misp-attribute--5a5df7ba-cc84-47ba-b9ec-4d74950d210f",
|
||
|
"indicator--5a5df7ba-578c-4cd1-8257-4739950d210f",
|
||
|
"x-misp-attribute--5a5df7bb-1758-4b9a-9e8c-4c8a950d210f",
|
||
|
"indicator--5a5df7bb-5ba0-44e4-85d4-41dd950d210f",
|
||
|
"indicator--5a5df7bb-b280-4e48-9f29-4483950d210f",
|
||
|
"x-misp-attribute--5a5df7bc-7fcc-492c-8f1d-46b5950d210f",
|
||
|
"indicator--5a5df7bc-c440-4344-9fce-4502950d210f",
|
||
|
"indicator--5a5df7bd-341c-467f-89df-4053950d210f",
|
||
|
"x-misp-attribute--5a5df7bd-e898-4018-981c-48ca950d210f",
|
||
|
"indicator--5a5df7be-3944-4585-ad3f-4f5b950d210f",
|
||
|
"indicator--5a5df7be-2c00-4b56-b261-4747950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"osint:source-type=\"blog-post\"",
|
||
|
"type:OSINT",
|
||
|
"Threat:Sofacy/APT28",
|
||
|
"APT",
|
||
|
"misp-galaxy:threat-actor=\"Sofacy\""
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--5a5df57d-ab68-4481-91ab-467e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T12:52:13.000Z",
|
||
|
"modified": "2018-01-16T12:52:13.000Z",
|
||
|
"first_observed": "2018-01-16T12:52:13Z",
|
||
|
"last_observed": "2018-01-16T12:52:13Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--5a5df57d-ab68-4481-91ab-467e950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"link\"",
|
||
|
"misp:category=\"External analysis\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--5a5df57d-ab68-4481-91ab-467e950d210f",
|
||
|
"value": "https://www.threatconnect.com/blog/track-to-the-future/"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df5ff-5bd4-4127-9885-43df950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T12:54:23.000Z",
|
||
|
"modified": "2018-01-16T12:54:23.000Z",
|
||
|
"pattern": "[file:hashes.SHA1 = 'a1833c32d5f61d6ef9d1bb0133585112069d770e']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T12:54:23Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Payload delivery"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha1\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df614-1a50-4f57-8dd7-421f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T12:54:44.000Z",
|
||
|
"modified": "2018-01-16T12:54:44.000Z",
|
||
|
"pattern": "[domain-name:value = 'vvorthyhands.org']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T12:54:44Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df615-d44c-4f20-9656-40d4950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T12:54:45.000Z",
|
||
|
"modified": "2018-01-16T12:54:45.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '131.72.136.165']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T12:54:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df6a9-fecc-4191-a84d-4660950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T12:57:13.000Z",
|
||
|
"modified": "2018-01-16T12:57:13.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '130.255.184.196']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T12:57:13Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df6aa-81bc-4ade-a9bd-4bbc950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T12:57:14.000Z",
|
||
|
"modified": "2018-01-16T12:57:14.000Z",
|
||
|
"pattern": "[domain-name:value = 'adobeincorp.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T12:57:14Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5a5df6aa-bbc8-47b1-b709-4a28950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T12:57:14.000Z",
|
||
|
"modified": "2018-01-16T12:57:14.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"whois-registrant-email\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
],
|
||
|
"x_misp_category": "Payload delivery",
|
||
|
"x_misp_type": "whois-registrant-email",
|
||
|
"x_misp_value": "rvanholsted@yahoo.com"
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5a5df6aa-42a4-4952-b2da-4dc7950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T12:57:14.000Z",
|
||
|
"modified": "2018-01-16T12:57:14.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"whois-registrant-email\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
],
|
||
|
"x_misp_category": "Payload delivery",
|
||
|
"x_misp_type": "whois-registrant-email",
|
||
|
"x_misp_value": "fradmantisun@mail.com"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df6ab-280c-410f-a7a1-49c0950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T12:57:15.000Z",
|
||
|
"modified": "2018-01-16T12:57:15.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '167.114.214.63']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T12:57:15Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df6ac-4f98-4963-8a71-47cc950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T12:57:16.000Z",
|
||
|
"modified": "2018-01-16T12:57:16.000Z",
|
||
|
"pattern": "[domain-name:value = 'tukangcendol-naikinbuhaji.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T12:57:16Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5a5df6ac-3428-4822-8477-4c6d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T12:57:16.000Z",
|
||
|
"modified": "2018-01-16T12:57:16.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"whois-registrant-email\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
],
|
||
|
"x_misp_category": "Payload delivery",
|
||
|
"x_misp_type": "whois-registrant-email",
|
||
|
"x_misp_value": "pamelabeauty213@hotmail.com"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df6ad-4b38-4033-a4b0-460d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T12:57:17.000Z",
|
||
|
"modified": "2018-01-16T12:57:17.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.25.50.117']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T12:57:17Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df6ad-11c8-4a85-8c4f-4eb7950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T12:57:17.000Z",
|
||
|
"modified": "2018-01-16T12:57:17.000Z",
|
||
|
"pattern": "[domain-name:value = 'bmwriting.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T12:57:17Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5a5df6ae-5ec8-4f59-9307-4236950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T12:57:18.000Z",
|
||
|
"modified": "2018-01-16T12:57:18.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"whois-registrant-email\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
],
|
||
|
"x_misp_category": "Payload delivery",
|
||
|
"x_misp_type": "whois-registrant-email",
|
||
|
"x_misp_value": "emiliorojas@mail.com"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df6ae-106c-4e03-9bef-4a31950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T12:57:18.000Z",
|
||
|
"modified": "2018-01-16T12:57:18.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.86.151.180']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T12:57:18Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df6ae-d110-43d8-9c41-40ad950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T12:57:18.000Z",
|
||
|
"modified": "2018-01-16T12:57:18.000Z",
|
||
|
"pattern": "[domain-name:value = 'trbusinesslink.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T12:57:18Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df6af-9ac4-4674-b7be-4914950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T12:57:19.000Z",
|
||
|
"modified": "2018-01-16T12:57:19.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.251.187.145']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T12:57:19Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df6af-e824-4795-87e7-491f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T12:57:19.000Z",
|
||
|
"modified": "2018-01-16T12:57:19.000Z",
|
||
|
"pattern": "[domain-name:value = 'mailpho.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T12:57:19Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5a5df6b0-fe64-4d91-b217-4e24950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T12:57:20.000Z",
|
||
|
"modified": "2018-01-16T12:57:20.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"whois-registrant-email\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
],
|
||
|
"x_misp_category": "Payload delivery",
|
||
|
"x_misp_type": "whois-registrant-email",
|
||
|
"x_misp_value": "emmer.brown@mail.com"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df6b0-b848-470c-a618-407c950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T12:57:20.000Z",
|
||
|
"modified": "2018-01-16T12:57:20.000Z",
|
||
|
"pattern": "[domain-name:value = 'qov.al']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T12:57:20Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df6b1-f908-42b3-9878-4062950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T12:57:21.000Z",
|
||
|
"modified": "2018-01-16T12:57:21.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '45.32.129.185']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T12:57:21Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df6b1-f3c8-4264-9e16-49e8950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T12:57:21.000Z",
|
||
|
"modified": "2018-01-16T12:57:21.000Z",
|
||
|
"pattern": "[domain-name:value = 'misdepatrment.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T12:57:21Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5a5df6b1-4344-4859-837d-40e3950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T12:57:21.000Z",
|
||
|
"modified": "2018-01-16T12:57:21.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"whois-registrant-email\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
],
|
||
|
"x_misp_category": "Payload delivery",
|
||
|
"x_misp_type": "whois-registrant-email",
|
||
|
"x_misp_value": "frank_merdeux@europe.com"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df6b2-c644-4c64-8064-429e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T12:57:22.000Z",
|
||
|
"modified": "2018-01-16T12:57:22.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.113.232.196']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T12:57:22Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df6b2-0244-48ea-b701-4e6d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T12:57:22.000Z",
|
||
|
"modified": "2018-01-16T12:57:22.000Z",
|
||
|
"pattern": "[domain-name:value = 'uniquecorpind.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T12:57:22Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5a5df6b2-808c-43f9-842a-473e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T12:57:22.000Z",
|
||
|
"modified": "2018-01-16T12:57:22.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"whois-registrant-email\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
],
|
||
|
"x_misp_category": "Payload delivery",
|
||
|
"x_misp_type": "whois-registrant-email",
|
||
|
"x_misp_value": "yasiner@myself.com"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df6b3-a46c-435f-994e-492a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T12:57:23.000Z",
|
||
|
"modified": "2018-01-16T12:57:23.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '86.105.1.136']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T12:57:23Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df6b3-877c-4871-942b-444d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T12:57:23.000Z",
|
||
|
"modified": "2018-01-16T12:57:23.000Z",
|
||
|
"pattern": "[domain-name:value = 'securelink1.org']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T12:57:23Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5a5df6b4-a6a4-455f-8a95-41da950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T12:57:24.000Z",
|
||
|
"modified": "2018-01-16T12:57:24.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"whois-registrant-email\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
],
|
||
|
"x_misp_category": "Payload delivery",
|
||
|
"x_misp_type": "whois-registrant-email",
|
||
|
"x_misp_value": "domainhosting@tuta.io"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
"id": "indicator--5a5df6b4-5550-43a6-bc01-4bdf950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T12:57:24.000Z",
"modified": "2018-01-16T12:57:24.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.45.67.12']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T12:57:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df6b4-ef40-4c05-83f4-4460950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T12:57:24.000Z",
"modified": "2018-01-16T12:57:24.000Z",
"pattern": "[domain-name:value = 'cvvshop.lv']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T12:57:24Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5a5df6b5-f264-41cd-905d-4fd5950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T12:57:25.000Z",
"modified": "2018-01-16T12:57:25.000Z",
"labels": [
"misp:type=\"whois-registrant-email\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Payload delivery",
"x_misp_type": "whois-registrant-email",
"x_misp_value": "albert1408@live.com"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df6b6-e9f0-432f-ad6d-4171950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T12:57:26.000Z",
"modified": "2018-01-16T12:57:26.000Z",
"pattern": "[domain-name:value = 'googlegoogie.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T12:57:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5a5df6b6-4440-43b4-98d9-402e950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T12:57:26.000Z",
"modified": "2018-01-16T12:57:26.000Z",
"labels": [
"misp:type=\"whois-registrant-email\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Payload delivery",
"x_misp_type": "whois-registrant-email",
"x_misp_value": "parpale@inbox.lv"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df6b6-7e78-4926-9f64-4d04950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T12:57:26.000Z",
"modified": "2018-01-16T12:57:26.000Z",
"pattern": "[domain-name:value = 'zimbra-service.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T12:57:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5a5df6b7-867c-43d5-800d-4c23950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T12:57:27.000Z",
"modified": "2018-01-16T12:57:27.000Z",
"labels": [
"misp:type=\"whois-registrant-email\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Payload delivery",
"x_misp_type": "whois-registrant-email",
"x_misp_value": "js_69tt@india.com"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df6b7-e19c-40c7-8915-4e7e950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T12:57:27.000Z",
"modified": "2018-01-16T12:57:27.000Z",
"pattern": "[domain-name:value = 'zimbra-servicing.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T12:57:27Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5a5df6b8-d954-46c7-8b81-408e950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T12:57:28.000Z",
"modified": "2018-01-16T12:57:28.000Z",
"labels": [
"misp:type=\"whois-registrant-email\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Payload delivery",
"x_misp_type": "whois-registrant-email",
"x_misp_value": "kohler.yoh71@hotmail.com"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df6b8-1498-405e-a37a-4fb1950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T12:57:28.000Z",
"modified": "2018-01-16T12:57:28.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '92.114.92.102']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T12:57:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df6b8-8218-4084-8a40-45de950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T12:57:28.000Z",
"modified": "2018-01-16T12:57:28.000Z",
"pattern": "[domain-name:value = 'networkschecker.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T12:57:28Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df6b9-76d4-41e7-9ee1-4839950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T12:57:29.000Z",
"modified": "2018-01-16T12:57:29.000Z",
"pattern": "[domain-name:value = 'networkschecker.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T12:57:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5a5df6b9-f2d0-4edc-9d15-463f950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T12:57:29.000Z",
"modified": "2018-01-16T12:57:29.000Z",
"labels": [
"misp:type=\"whois-registrant-email\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Payload delivery",
"x_misp_type": "whois-registrant-email",
"x_misp_value": "edvard_jozef@centrum.cz"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df6ba-da40-4cd4-8615-41d9950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T12:57:30.000Z",
"modified": "2018-01-16T12:57:30.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.177.12.157']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T12:57:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df6ba-0b9c-4dbc-ab80-4cc8950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T12:57:30.000Z",
"modified": "2018-01-16T12:57:30.000Z",
"pattern": "[domain-name:value = 'netcorpscanprotect.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T12:57:30Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5a5df6ba-e2bc-4b64-aa98-4397950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T12:57:30.000Z",
"modified": "2018-01-16T12:57:30.000Z",
"labels": [
"misp:type=\"whois-registrant-email\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Payload delivery",
"x_misp_type": "whois-registrant-email",
"x_misp_value": "ernesto.rivero@mail.com"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df6bb-3c58-4764-8948-4bf9950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T12:57:31.000Z",
"modified": "2018-01-16T12:57:31.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '94.177.12.74']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T12:57:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df6bb-9040-499c-be69-41fc950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T12:57:31.000Z",
"modified": "2018-01-16T12:57:31.000Z",
"pattern": "[domain-name:value = 'zpfgr.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T12:57:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5a5df6bc-df8c-45db-b889-4a01950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T12:57:32.000Z",
"modified": "2018-01-16T12:57:32.000Z",
"labels": [
"misp:type=\"whois-registrant-email\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Payload delivery",
"x_misp_type": "whois-registrant-email",
"x_misp_value": "olavi_nieminen@suomi24.fi"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df6bc-056c-439a-b3ef-46a8950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T12:57:32.000Z",
"modified": "2018-01-16T12:57:32.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.215.44.38']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T12:57:32Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df6bd-d4f0-4b3c-bb63-428d950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T12:57:33.000Z",
"modified": "2018-01-16T12:57:33.000Z",
"pattern": "[domain-name:value = 'netcloselysecure.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T12:57:33Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5a5df6bd-04c0-4167-8fd7-4c19950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T12:57:33.000Z",
"modified": "2018-01-16T12:57:33.000Z",
"labels": [
"misp:type=\"whois-registrant-email\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Payload delivery",
"x_misp_type": "whois-registrant-email",
"x_misp_value": "jesddin@europe.com"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df6e4-65e0-451e-9a15-4cc2950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T12:58:12.000Z",
"modified": "2018-01-16T12:58:12.000Z",
"pattern": "[domain-name:value = 'zimbra-servicing.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T12:58:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df719-d7e0-467f-904e-4594950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T12:59:05.000Z",
"modified": "2018-01-16T12:59:05.000Z",
"pattern": "[domain-name:value = 'iscellane.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T12:59:05Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5a5df71a-40f0-4dc6-9af7-49e8950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T12:59:06.000Z",
"modified": "2018-01-16T12:59:06.000Z",
"labels": [
"misp:type=\"whois-registrant-email\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Payload delivery",
"x_misp_type": "whois-registrant-email",
"x_misp_value": "th.kais@yahoo.de"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df71a-c810-452e-bc5b-427e950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T12:59:06.000Z",
"modified": "2018-01-16T12:59:06.000Z",
"pattern": "[domain-name:value = 'mail-account-yahoo.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T12:59:06Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5a5df71b-2a24-4193-9fcb-4c49950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T12:59:07.000Z",
"modified": "2018-01-16T12:59:07.000Z",
"labels": [
"misp:type=\"whois-registrant-email\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Payload delivery",
"x_misp_type": "whois-registrant-email",
"x_misp_value": "pirat@iname.com"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df71b-07a4-4512-99d1-4a58950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T12:59:07.000Z",
"modified": "2018-01-16T12:59:07.000Z",
"pattern": "[domain-name:value = 'us-mg6-mail-yahoo.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T12:59:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df71b-f50c-444b-9fe0-46e6950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T12:59:07.000Z",
"modified": "2018-01-16T12:59:07.000Z",
"pattern": "[domain-name:value = 'edit-mail-yahoo.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T12:59:07Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5a5df71c-ac24-4d9a-adb3-48bc950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T12:59:08.000Z",
"modified": "2018-01-16T12:59:08.000Z",
"labels": [
"misp:type=\"whois-registrant-email\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Payload delivery",
"x_misp_type": "whois-registrant-email",
"x_misp_value": "lary@asia.com"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df71c-bff4-475e-86b2-4246950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T12:59:08.000Z",
"modified": "2018-01-16T12:59:08.000Z",
"pattern": "[domain-name:value = 'outlook-security.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T12:59:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5a5df71d-7c6c-4f36-8869-41d4950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T12:59:09.000Z",
"modified": "2018-01-16T12:59:09.000Z",
"labels": [
"misp:type=\"whois-registrant-email\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Payload delivery",
"x_misp_type": "whois-registrant-email",
"x_misp_value": "k.pavuls@yahoo.com"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df71d-7714-4b38-964d-4ccc950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T12:59:09.000Z",
"modified": "2018-01-16T12:59:09.000Z",
"pattern": "[domain-name:value = 'security-ukr.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T12:59:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df71e-d088-4420-8e26-48ec950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T12:59:10.000Z",
"modified": "2018-01-16T12:59:10.000Z",
"pattern": "[domain-name:value = 'web-privacy-guardian.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T12:59:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5a5df71e-7c54-4f75-8f58-4c0f950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T12:59:10.000Z",
"modified": "2018-01-16T12:59:10.000Z",
"labels": [
"misp:type=\"whois-registrant-email\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Payload delivery",
"x_misp_type": "whois-registrant-email",
"x_misp_value": "labbylusak@mail.com"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df71e-051c-45bf-8cba-4ef3950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T12:59:10.000Z",
"modified": "2018-01-16T12:59:10.000Z",
"pattern": "[domain-name:value = 'highcomission.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T12:59:10Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5a5df71f-518c-432b-a8dd-40e4950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T12:59:11.000Z",
"modified": "2018-01-16T12:59:11.000Z",
"labels": [
"misp:type=\"whois-registrant-email\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Payload delivery",
"x_misp_type": "whois-registrant-email",
"x_misp_value": "brown_pool@india.com"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df71f-bd84-40b5-ac61-4724950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T12:59:11.000Z",
"modified": "2018-01-16T12:59:11.000Z",
"pattern": "[domain-name:value = 'uzbekistan-mfa.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T12:59:11Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5a5df720-1aa8-4017-bd5e-4abb950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T12:59:12.000Z",
"modified": "2018-01-16T12:59:12.000Z",
"labels": [
"misp:type=\"whois-registrant-email\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Payload delivery",
"x_misp_type": "whois-registrant-email",
"x_misp_value": "kad_75isl@india.com"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df720-e678-4617-99a1-4227950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T12:59:12.000Z",
"modified": "2018-01-16T12:59:12.000Z",
"pattern": "[domain-name:value = 'defence-adviser.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T12:59:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5a5df721-7f6c-4c41-8fc9-43f5950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T12:59:13.000Z",
"modified": "2018-01-16T12:59:13.000Z",
"labels": [
"misp:type=\"whois-registrant-email\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Payload delivery",
"x_misp_type": "whois-registrant-email",
"x_misp_value": "juh.rss@mail.ee"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df721-cb7c-4937-bc1a-45d2950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T12:59:13.000Z",
"modified": "2018-01-16T12:59:13.000Z",
"pattern": "[domain-name:value = 'computers0ft.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T12:59:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5a5df722-c568-4ed7-8a76-48fc950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T12:59:14.000Z",
"modified": "2018-01-16T12:59:14.000Z",
"labels": [
"misp:type=\"whois-registrant-email\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Payload delivery",
"x_misp_type": "whois-registrant-email",
"x_misp_value": "lien.jo@mail.com"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df722-40b8-49f7-b0d0-43b8950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T12:59:14.000Z",
"modified": "2018-01-16T12:59:14.000Z",
"pattern": "[domain-name:value = 'dislocationineconomic.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T12:59:14Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5a5df723-f520-46ff-8b9e-4649950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T12:59:15.000Z",
"modified": "2018-01-16T12:59:15.000Z",
"labels": [
"misp:type=\"whois-registrant-email\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Payload delivery",
"x_misp_type": "whois-registrant-email",
"x_misp_value": "isac.blomqvist.free@mail.com"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df759-62f4-4e52-bf15-46de950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T13:00:09.000Z",
"modified": "2018-01-16T13:00:09.000Z",
"pattern": "[domain-name:value = 'cdn-ch.org']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T13:00:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df75a-d898-4a9f-b003-4259950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T13:00:10.000Z",
|
||
|
"modified": "2018-01-16T13:00:10.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '86.105.18.113']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T13:00:10Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5a5df75a-21a4-491c-80ba-47b9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T13:00:10.000Z",
|
||
|
"modified": "2018-01-16T13:00:10.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"whois-registrant-email\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
],
|
||
|
"x_misp_category": "Payload delivery",
|
||
|
"x_misp_type": "whois-registrant-email",
|
||
|
"x_misp_value": "spencevickia@email.com"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df75b-8e04-4dd2-8157-4195950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T13:00:11.000Z",
|
||
|
"modified": "2018-01-16T13:00:11.000Z",
|
||
|
"pattern": "[domain-name:value = 'jpoweradmin.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T13:00:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df75b-9570-4708-888b-4154950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T13:00:11.000Z",
|
||
|
"modified": "2018-01-16T13:00:11.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '86.106.93.111']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T13:00:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5a5df75c-7f78-4768-943f-40fb950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T13:00:12.000Z",
|
||
|
"modified": "2018-01-16T13:00:12.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"whois-registrant-email\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
],
|
||
|
"x_misp_category": "Payload delivery",
|
||
|
"x_misp_type": "whois-registrant-email",
|
||
|
"x_misp_value": "keiyokoyama1990@mail.com"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df75c-ecb4-4bb6-94fc-497d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T13:00:12.000Z",
|
||
|
"modified": "2018-01-16T13:00:12.000Z",
|
||
|
"pattern": "[domain-name:value = 'bitlinkcut.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T13:00:12Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df75c-0f8c-4496-8477-422b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T13:00:12.000Z",
|
||
|
"modified": "2018-01-16T13:00:12.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.45.67.189']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T13:00:12Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5a5df75d-bd38-4a17-bed7-4ad9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T13:00:13.000Z",
|
||
|
"modified": "2018-01-16T13:00:13.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"whois-registrant-email\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
],
|
||
|
"x_misp_category": "Payload delivery",
|
||
|
"x_misp_type": "whois-registrant-email",
|
||
|
"x_misp_value": "agosti@email.com"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df75d-3ef4-4cf7-b352-4be5950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T13:00:13.000Z",
|
||
|
"modified": "2018-01-16T13:00:13.000Z",
|
||
|
"pattern": "[domain-name:value = 'login-freemail.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T13:00:13Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df75e-6720-4d46-a220-4018950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T13:00:14.000Z",
|
||
|
"modified": "2018-01-16T13:00:14.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '86.104.15.105']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T13:00:14Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5a5df75e-f420-4da3-9f43-4267950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T13:00:14.000Z",
|
||
|
"modified": "2018-01-16T13:00:14.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"whois-registrant-email\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
],
|
||
|
"x_misp_category": "Payload delivery",
|
||
|
"x_misp_type": "whois-registrant-email",
|
||
|
"x_misp_value": "v.lebzyak@i.ua"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df75f-62c8-4103-9d6d-4cbf950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T13:00:15.000Z",
|
||
|
"modified": "2018-01-16T13:00:15.000Z",
|
||
|
"pattern": "[domain-name:value = 'events-spot.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T13:00:15Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df75f-d46c-4a40-abd3-47ac950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T13:00:15.000Z",
|
||
|
"modified": "2018-01-16T13:00:15.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.102.152.172']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T13:00:15Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5a5df75f-ce78-4774-aeca-4cf2950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T13:00:15.000Z",
|
||
|
"modified": "2018-01-16T13:00:15.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"whois-registrant-email\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
],
|
||
|
"x_misp_category": "Payload delivery",
|
||
|
"x_misp_type": "whois-registrant-email",
|
||
|
"x_misp_value": "mathiasmartens1983@mail.com"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df760-2f9c-481c-a0ec-4ca2950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T13:00:16.000Z",
|
||
|
"modified": "2018-01-16T13:00:16.000Z",
|
||
|
"pattern": "[domain-name:value = 'carlinocg.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T13:00:16Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df760-7b04-4a2f-9557-4f38950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T13:00:16.000Z",
|
||
|
"modified": "2018-01-16T13:00:16.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.33.64.123']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T13:00:16Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5a5df761-8274-4c8e-8dfb-4832950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T13:00:17.000Z",
|
||
|
"modified": "2018-01-16T13:00:17.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"whois-registrant-email\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
],
|
||
|
"x_misp_category": "Payload delivery",
|
||
|
"x_misp_type": "whois-registrant-email",
|
||
|
"x_misp_value": "bischofco@tutamail.com"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df761-ea30-4abe-9c8c-40e0950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T13:00:17.000Z",
|
||
|
"modified": "2018-01-16T13:00:17.000Z",
|
||
|
"pattern": "[domain-name:value = 'gmail-google-accounts.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T13:00:17Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df761-8c68-4723-9f88-4723950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T13:00:17.000Z",
|
||
|
"modified": "2018-01-16T13:00:17.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '86.105.227.212']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T13:00:17Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5a5df762-89b8-4b7b-8fb9-4c40950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T13:00:18.000Z",
|
||
|
"modified": "2018-01-16T13:00:18.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"whois-registrant-email\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
],
|
||
|
"x_misp_category": "Payload delivery",
|
||
|
"x_misp_type": "whois-registrant-email",
|
||
|
"x_misp_value": "tovarasuceausescu@inbox.lv"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df762-a7cc-4389-86c4-45cb950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T13:00:18.000Z",
|
||
|
"modified": "2018-01-16T13:00:18.000Z",
|
||
|
"pattern": "[domain-name:value = 'com-statistics.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T13:00:18Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df763-4200-4c7a-95f3-4006950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T13:00:19.000Z",
|
||
|
"modified": "2018-01-16T13:00:19.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '86.105.1.111']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T13:00:19Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5a5df763-7bdc-4d69-8d6f-4419950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T13:00:19.000Z",
|
||
|
"modified": "2018-01-16T13:00:19.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"whois-registrant-email\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
],
|
||
|
"x_misp_category": "Payload delivery",
|
||
|
"x_misp_type": "whois-registrant-email",
|
||
|
"x_misp_value": "thelucasbertrand@mail.com"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df764-9460-4c75-b79f-45f1950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T13:00:20.000Z",
|
||
|
"modified": "2018-01-16T13:00:20.000Z",
|
||
|
"pattern": "[domain-name:value = 'mailer-support.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T13:00:20Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df764-36b8-47b5-9dfb-4b7f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T13:00:20.000Z",
|
||
|
"modified": "2018-01-16T13:00:20.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.37.226.120']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T13:00:20Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5a5df765-eeb8-4ac0-8d64-483f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T13:00:21.000Z",
|
||
|
"modified": "2018-01-16T13:00:21.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"whois-registrant-email\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
],
|
||
|
"x_misp_category": "Payload delivery",
|
||
|
"x_misp_type": "whois-registrant-email",
|
||
|
"x_misp_value": "375walker@india.com"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df7a6-bd78-4823-985f-47fb950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T13:01:26.000Z",
|
||
|
"modified": "2018-01-16T13:01:26.000Z",
|
||
|
"pattern": "[domain-name:value = 'akamaisoft.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T13:01:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df7a7-3c20-46fd-9303-4792950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T13:01:27.000Z",
|
||
|
"modified": "2018-01-16T13:01:27.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '86.105.1.102']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T13:01:27Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5a5df7a7-c454-47e6-9687-4d59950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T13:01:27.000Z",
|
||
|
"modified": "2018-01-16T13:01:27.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"whois-registrant-email\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
],
|
||
|
"x_misp_category": "Payload delivery",
|
||
|
"x_misp_type": "whois-registrant-email",
|
||
|
"x_misp_value": "leesa92@chewiemail.com"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df7a8-8794-452b-bf00-463f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T13:01:28.000Z",
|
||
|
"modified": "2018-01-16T13:01:28.000Z",
|
||
|
"pattern": "[domain-name:value = 'cleanphonetrksftware.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T13:01:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df7a8-1a08-41d1-96ee-4476950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T13:01:28.000Z",
|
||
|
"modified": "2018-01-16T13:01:28.000Z",
|
||
|
"pattern": "[domain-name:value = 'appservicegroup.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T13:01:28Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df7a9-b7b8-4385-8df9-493d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T13:01:29.000Z",
|
||
|
"modified": "2018-01-16T13:01:29.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.102.152.132']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T13:01:29Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5a5df7a9-a600-4059-b27b-429b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T13:01:29.000Z",
|
||
|
"modified": "2018-01-16T13:01:29.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"whois-registrant-email\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
],
|
||
|
"x_misp_category": "Payload delivery",
|
||
|
"x_misp_type": "whois-registrant-email",
|
||
|
"x_misp_value": "olivier_servgr@mail.com"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df7aa-6ac0-4fb9-b16c-424d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T13:01:30.000Z",
|
||
|
"modified": "2018-01-16T13:01:30.000Z",
|
||
|
"pattern": "[domain-name:value = 'ppcodecs.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T13:01:30Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df7aa-38cc-41fc-9a4a-4a4f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T13:01:30.000Z",
|
||
|
"modified": "2018-01-16T13:01:30.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.113.232.197']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T13:01:30Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5a5df7ab-a0a8-46fb-aa79-4779950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T13:01:31.000Z",
|
||
|
"modified": "2018-01-16T13:01:31.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"whois-registrant-email\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
],
|
||
|
"x_misp_category": "Payload delivery",
|
||
|
"x_misp_type": "whois-registrant-email",
|
||
|
"x_misp_value": "chpiost8n@post.com"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df7ab-a990-4685-b749-49c3950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T13:01:31.000Z",
|
||
|
"modified": "2018-01-16T13:01:31.000Z",
|
||
|
"pattern": "[domain-name:value = 'apptaskserver.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T13:01:31Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5a5df7ac-d9d4-4189-8d7b-461a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T13:01:32.000Z",
|
||
|
"modified": "2018-01-16T13:01:32.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"whois-registrant-email\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
],
|
||
|
"x_misp_category": "Payload delivery",
|
||
|
"x_misp_type": "whois-registrant-email",
|
||
|
"x_misp_value": "partanencomp@mail.com"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df7ac-cae8-44ac-bdea-4a13950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T13:01:32.000Z",
|
||
|
"modified": "2018-01-16T13:01:32.000Z",
|
||
|
"pattern": "[domain-name:value = 'akamaisoftupdate.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T13:01:32Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df7ad-5a64-4402-ac92-4cca950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T13:01:33.000Z",
|
||
|
"modified": "2018-01-16T13:01:33.000Z",
|
||
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.45.67.20']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T13:01:33Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5a5df7ad-1734-4259-b0b0-4060950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T13:01:33.000Z",
|
||
|
"modified": "2018-01-16T13:01:33.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"whois-registrant-email\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
],
|
||
|
"x_misp_category": "Payload delivery",
|
||
|
"x_misp_type": "whois-registrant-email",
|
||
|
"x_misp_value": "mahuudd@centrum.cz"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df7ae-a0ac-4a19-a289-4ec1950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T13:01:34.000Z",
|
||
|
"modified": "2018-01-16T13:01:34.000Z",
|
||
|
"pattern": "[domain-name:value = 'applecloudupdate.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T13:01:34Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"domain\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "x-misp-attribute",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "x-misp-attribute--5a5df7ae-abb8-4a4d-a819-497c950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T13:01:34.000Z",
|
||
|
"modified": "2018-01-16T13:01:34.000Z",
|
||
|
"labels": [
|
||
|
"misp:type=\"whois-registrant-email\"",
|
||
|
"misp:category=\"Payload delivery\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
],
|
||
|
"x_misp_category": "Payload delivery",
|
||
|
"x_misp_type": "whois-registrant-email",
|
||
|
"x_misp_value": "ll1kllan@engineer.com"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--5a5df7ae-dad8-4144-8319-4f77950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
||
|
"created": "2018-01-16T13:01:34.000Z",
|
||
|
"modified": "2018-01-16T13:01:34.000Z",
|
||
|
"pattern": "[domain-name:value = 'joshel.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2018-01-16T13:01:34Z",
|
||
|
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df7af-5a50-4b4e-9f90-4d5b950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T13:01:35.000Z",
"modified": "2018-01-16T13:01:35.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '86.105.1.13']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T13:01:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5a5df7b0-554c-4449-beb5-4b04950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T13:01:36.000Z",
"modified": "2018-01-16T13:01:36.000Z",
"labels": [
"misp:type=\"whois-registrant-email\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Payload delivery",
"x_misp_type": "whois-registrant-email",
"x_misp_value": "germsuz86@centrum.cz"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df7b0-4fcc-4560-acc3-47b0950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T13:01:36.000Z",
"modified": "2018-01-16T13:01:36.000Z",
"pattern": "[domain-name:value = 'noticermk.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T13:01:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df7b1-0078-407b-b877-4482950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T13:01:37.000Z",
"modified": "2018-01-16T13:01:37.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.215.47.162']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T13:01:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5a5df7b1-44bc-4672-bd67-45dc950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T13:01:37.000Z",
"modified": "2018-01-16T13:01:37.000Z",
"labels": [
"misp:type=\"whois-registrant-email\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Payload delivery",
"x_misp_type": "whois-registrant-email",
"x_misp_value": "frfdccr42@centrum.cz"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df7b2-b7fc-4b31-8dce-422e950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T13:01:38.000Z",
"modified": "2018-01-16T13:01:38.000Z",
"pattern": "[domain-name:value = 'runvercheck.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T13:01:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df7b2-3d34-4ef5-ae0d-416a950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T13:01:38.000Z",
"modified": "2018-01-16T13:01:38.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.156.173.70']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T13:01:38Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5a5df7b3-104c-4e0d-8ef3-4ec2950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T13:01:39.000Z",
"modified": "2018-01-16T13:01:39.000Z",
"labels": [
"misp:type=\"whois-registrant-email\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Payload delivery",
"x_misp_type": "whois-registrant-email",
"x_misp_value": "cauel-mino@centrum.cz"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df7b3-dc5c-4374-a1c3-4542950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T13:01:39.000Z",
"modified": "2018-01-16T13:01:39.000Z",
"pattern": "[domain-name:value = 'reportscanprotecting.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T13:01:39Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df7b4-fb38-413b-b10b-4722950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T13:01:40.000Z",
"modified": "2018-01-16T13:01:40.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '146.0.43.98']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T13:01:40Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5a5df7b4-c878-453d-96ad-461b950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T13:01:40.000Z",
"modified": "2018-01-16T13:01:40.000Z",
"labels": [
"misp:type=\"whois-registrant-email\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Payload delivery",
"x_misp_type": "whois-registrant-email",
"x_misp_value": "abor.g.s@europe.com"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df7b5-8564-454a-a087-4d19950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T13:01:41.000Z",
"modified": "2018-01-16T13:01:41.000Z",
"pattern": "[domain-name:value = 'gtranm.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T13:01:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df7b5-bf7c-4fef-a7e7-4134950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T13:01:41.000Z",
"modified": "2018-01-16T13:01:41.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.42.212.141']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T13:01:41Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5a5df7b5-f420-4765-87fe-4d81950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T13:01:41.000Z",
"modified": "2018-01-16T13:01:41.000Z",
"labels": [
"misp:type=\"whois-registrant-email\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Payload delivery",
"x_misp_type": "whois-registrant-email",
"x_misp_value": "wee7_nim@centrum.cz"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df7b6-3c70-4e92-bbc3-49ec950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T13:01:42.000Z",
"modified": "2018-01-16T13:01:42.000Z",
"pattern": "[domain-name:value = 'evbrax.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T13:01:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df7b6-a3ec-4b3f-af02-4c59950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T13:01:42.000Z",
"modified": "2018-01-16T13:01:42.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.41.177.44']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T13:01:42Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5a5df7b7-4a14-45b8-ab31-4e88950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T13:01:43.000Z",
"modified": "2018-01-16T13:01:43.000Z",
"labels": [
"misp:type=\"whois-registrant-email\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Payload delivery",
"x_misp_type": "whois-registrant-email",
"x_misp_value": "kern82@gmx.net"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df7b7-6558-49cf-a53b-437a950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T13:01:43.000Z",
"modified": "2018-01-16T13:01:43.000Z",
"pattern": "[domain-name:value = 'acrobatportable.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T13:01:43Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df7b8-de10-4298-bd9c-4d78950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T13:01:44.000Z",
"modified": "2018-01-16T13:01:44.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.215.47.226']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T13:01:44Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5a5df7b8-bc90-41b6-989e-41f7950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T13:01:44.000Z",
"modified": "2018-01-16T13:01:44.000Z",
"labels": [
"misp:type=\"whois-registrant-email\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Payload delivery",
"x_misp_type": "whois-registrant-email",
"x_misp_value": "jul_marian@centrum.cz"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df7b9-b318-45da-9d2a-4bb9950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T13:01:45.000Z",
"modified": "2018-01-16T13:01:45.000Z",
"pattern": "[domain-name:value = 'hotfixmsupload.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T13:01:45Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5a5df7ba-cc84-47ba-b9ec-4d74950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T13:01:46.000Z",
"modified": "2018-01-16T13:01:46.000Z",
"labels": [
"misp:type=\"whois-registrant-email\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Payload delivery",
"x_misp_type": "whois-registrant-email",
"x_misp_value": "luca_dozi@myself.com"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df7ba-578c-4cd1-8257-4739950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T13:01:46.000Z",
"modified": "2018-01-16T13:01:46.000Z",
"pattern": "[domain-name:value = 'lowprt.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T13:01:46Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5a5df7bb-1758-4b9a-9e8c-4c8a950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T13:01:47.000Z",
"modified": "2018-01-16T13:01:47.000Z",
"labels": [
"misp:type=\"whois-registrant-email\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Payload delivery",
"x_misp_type": "whois-registrant-email",
"x_misp_value": "avramberkovic@centrum.cz"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df7bb-5ba0-44e4-85d4-41dd950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T13:01:47.000Z",
"modified": "2018-01-16T13:01:47.000Z",
"pattern": "[domain-name:value = 'lgemon.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T13:01:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df7bb-b280-4e48-9f29-4483950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T13:01:47.000Z",
"modified": "2018-01-16T13:01:47.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '173.243.112.202']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T13:01:47Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5a5df7bc-7fcc-492c-8f1d-46b5950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T13:01:48.000Z",
"modified": "2018-01-16T13:01:48.000Z",
"labels": [
"misp:type=\"whois-registrant-email\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Payload delivery",
"x_misp_type": "whois-registrant-email",
"x_misp_value": "ezgune@cock.li"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df7bc-c440-4344-9fce-4502950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T13:01:48.000Z",
"modified": "2018-01-16T13:01:48.000Z",
"pattern": "[domain-name:value = 'downloadsstore.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T13:01:48Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df7bd-341c-467f-89df-4053950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T13:01:49.000Z",
"modified": "2018-01-16T13:01:49.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '86.104.15.165']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T13:01:49Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "x-misp-attribute",
"spec_version": "2.1",
"id": "x-misp-attribute--5a5df7bd-e898-4018-981c-48ca950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T13:01:49.000Z",
"modified": "2018-01-16T13:01:49.000Z",
"labels": [
"misp:type=\"whois-registrant-email\"",
"misp:category=\"Payload delivery\"",
"misp:to_ids=\"True\""
],
"x_misp_category": "Payload delivery",
"x_misp_type": "whois-registrant-email",
"x_misp_value": "tiana_webster@myself.com"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df7be-3944-4585-ad3f-4f5b950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T13:01:50.000Z",
"modified": "2018-01-16T13:01:50.000Z",
"pattern": "[domain-name:value = 'rapidfileuploader.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T13:01:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"domain\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a5df7be-2c00-4b56-b261-4747950d210f",
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
"created": "2018-01-16T13:01:50.000Z",
"modified": "2018-01-16T13:01:50.000Z",
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.86.148.212']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2018-01-16T13:01:50Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}