2023-04-21 13:25:09 +00:00
|
|
|
{
|
2023-06-14 17:31:25 +00:00
|
|
|
"type": "bundle",
|
|
|
|
"id": "bundle--551e8745-ace0-461c-b9eb-ce36950d210b",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:06.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:06.000Z",
|
|
|
|
"name": "CthulhuSPRL.be",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--551e8745-ace0-461c-b9eb-ce36950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:06.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:06.000Z",
|
|
|
|
"name": "OSINT The Dyre Wolf report from IBM",
|
|
|
|
"published": "2015-04-03T19:58:26Z",
|
|
|
|
"object_refs": [
|
|
|
|
"observed-data--551e876a-e8dc-4bfe-8397-7455950d210b",
|
|
|
|
"url--551e876a-e8dc-4bfe-8397-7455950d210b",
|
|
|
|
"observed-data--551e876b-31e4-4dbe-b9d6-7455950d210b",
|
|
|
|
"url--551e876b-31e4-4dbe-b9d6-7455950d210b",
|
|
|
|
"observed-data--551e9fc9-fc8c-4835-bf1b-4aad950d210b",
|
|
|
|
"url--551e9fc9-fc8c-4835-bf1b-4aad950d210b",
|
|
|
|
"x-misp-attribute--551e9fee-3528-4bab-a204-4e81950d210b",
|
|
|
|
"x-misp-attribute--551e9fee-6190-4c7d-b743-4639950d210b",
|
|
|
|
"observed-data--551ea0e2-1e6c-478f-8a40-4c6f950d210b",
|
|
|
|
"domain-name--551ea0e2-1e6c-478f-8a40-4c6f950d210b",
|
|
|
|
"observed-data--551ea0fb-b928-454f-a553-ce36950d210b",
|
|
|
|
"domain-name--551ea0fb-b928-454f-a553-ce36950d210b",
|
|
|
|
"indicator--551ea164-a78c-413e-b3aa-7455950d210b",
|
|
|
|
"indicator--551ea164-b32c-4a79-941d-7455950d210b",
|
|
|
|
"indicator--551ea164-3728-4b72-accd-7455950d210b",
|
|
|
|
"observed-data--551ea1c0-7dc4-464c-9e6a-fb7b950d210b",
|
|
|
|
"domain-name--551ea1c0-7dc4-464c-9e6a-fb7b950d210b",
|
|
|
|
"observed-data--551ea1c0-6540-4dae-8f68-fb7b950d210b",
|
|
|
|
"domain-name--551ea1c0-6540-4dae-8f68-fb7b950d210b",
|
|
|
|
"observed-data--551ea1c0-315c-4dab-9d90-fb7b950d210b",
|
|
|
|
"domain-name--551ea1c0-315c-4dab-9d90-fb7b950d210b",
|
|
|
|
"observed-data--551ea1c0-9fe0-4962-96b3-fb7b950d210b",
|
|
|
|
"domain-name--551ea1c0-9fe0-4962-96b3-fb7b950d210b",
|
|
|
|
"observed-data--551ea1c0-5de8-4824-8a60-fb7b950d210b",
|
|
|
|
"domain-name--551ea1c0-5de8-4824-8a60-fb7b950d210b",
|
|
|
|
"observed-data--551ea1c0-d674-4cbf-9a1e-fb7b950d210b",
|
|
|
|
"domain-name--551ea1c0-d674-4cbf-9a1e-fb7b950d210b",
|
|
|
|
"observed-data--551ea1c1-fca4-4854-91f4-fb7b950d210b",
|
|
|
|
"domain-name--551ea1c1-fca4-4854-91f4-fb7b950d210b",
|
|
|
|
"observed-data--551ea1c1-4e08-48f9-9273-fb7b950d210b",
|
|
|
|
"domain-name--551ea1c1-4e08-48f9-9273-fb7b950d210b",
|
|
|
|
"observed-data--551ea1c1-400c-4c34-8dd6-fb7b950d210b",
|
|
|
|
"domain-name--551ea1c1-400c-4c34-8dd6-fb7b950d210b",
|
|
|
|
"observed-data--551ea1c1-20d8-4c11-b158-fb7b950d210b",
|
|
|
|
"domain-name--551ea1c1-20d8-4c11-b158-fb7b950d210b",
|
|
|
|
"observed-data--551ea1c1-a2c0-4582-9638-fb7b950d210b",
|
|
|
|
"domain-name--551ea1c1-a2c0-4582-9638-fb7b950d210b",
|
|
|
|
"observed-data--551ea1c1-cb48-4b06-889a-fb7b950d210b",
|
|
|
|
"domain-name--551ea1c1-cb48-4b06-889a-fb7b950d210b",
|
|
|
|
"observed-data--551ea1c1-da14-4d3a-a498-fb7b950d210b",
|
|
|
|
"domain-name--551ea1c1-da14-4d3a-a498-fb7b950d210b",
|
|
|
|
"observed-data--551ea1c1-db20-4af5-84b2-fb7b950d210b",
|
|
|
|
"domain-name--551ea1c1-db20-4af5-84b2-fb7b950d210b",
|
|
|
|
"observed-data--551ea1c2-210c-4b27-8b9c-fb7b950d210b",
|
|
|
|
"domain-name--551ea1c2-210c-4b27-8b9c-fb7b950d210b",
|
|
|
|
"observed-data--551ea1c2-6c20-4562-bf26-fb7b950d210b",
|
|
|
|
"domain-name--551ea1c2-6c20-4562-bf26-fb7b950d210b",
|
|
|
|
"observed-data--551ea1c2-4958-40e8-915d-fb7b950d210b",
|
|
|
|
"domain-name--551ea1c2-4958-40e8-915d-fb7b950d210b",
|
|
|
|
"observed-data--551ea1c2-633c-42cb-bedb-fb7b950d210b",
|
|
|
|
"domain-name--551ea1c2-633c-42cb-bedb-fb7b950d210b",
|
|
|
|
"observed-data--551ea1c2-605c-4628-8b62-fb7b950d210b",
|
|
|
|
"domain-name--551ea1c2-605c-4628-8b62-fb7b950d210b",
|
|
|
|
"observed-data--551ea1c2-c89c-4bb1-9332-fb7b950d210b",
|
|
|
|
"domain-name--551ea1c2-c89c-4bb1-9332-fb7b950d210b",
|
|
|
|
"observed-data--551ea1c2-7394-407b-bb05-fb7b950d210b",
|
|
|
|
"domain-name--551ea1c2-7394-407b-bb05-fb7b950d210b",
|
|
|
|
"observed-data--551ea1c2-2488-4939-af5f-fb7b950d210b",
|
|
|
|
"domain-name--551ea1c2-2488-4939-af5f-fb7b950d210b",
|
|
|
|
"observed-data--551ea1c2-c4f8-4906-b4dc-fb7b950d210b",
|
|
|
|
"domain-name--551ea1c2-c4f8-4906-b4dc-fb7b950d210b",
|
|
|
|
"observed-data--551ea1c3-f780-4277-9492-fb7b950d210b",
|
|
|
|
"domain-name--551ea1c3-f780-4277-9492-fb7b950d210b",
|
|
|
|
"observed-data--551ea1c3-c928-4bf5-b635-fb7b950d210b",
|
|
|
|
"domain-name--551ea1c3-c928-4bf5-b635-fb7b950d210b",
|
|
|
|
"observed-data--551ea1c3-b6d8-40f4-b443-fb7b950d210b",
|
|
|
|
"domain-name--551ea1c3-b6d8-40f4-b443-fb7b950d210b",
|
|
|
|
"observed-data--551ea1c3-44d4-4789-83ce-fb7b950d210b",
|
|
|
|
"domain-name--551ea1c3-44d4-4789-83ce-fb7b950d210b",
|
|
|
|
"observed-data--551ea1c3-f344-4b27-b4f0-fb7b950d210b",
|
|
|
|
"domain-name--551ea1c3-f344-4b27-b4f0-fb7b950d210b",
|
|
|
|
"observed-data--551ea1c3-1ed0-457a-8037-fb7b950d210b",
|
|
|
|
"domain-name--551ea1c3-1ed0-457a-8037-fb7b950d210b",
|
|
|
|
"indicator--551ea1df-5384-430d-beb3-40e9950d210b",
|
|
|
|
"indicator--551ea1fb-4eb8-4a26-95e0-4a04950d210b",
|
|
|
|
"indicator--551ea24a-695c-4c5e-ae24-4924950d210b",
|
|
|
|
"indicator--551ea24a-9de8-4cd6-bdb5-43fc950d210b",
|
|
|
|
"indicator--551ea24a-6770-4a03-b467-4ec6950d210b",
|
|
|
|
"indicator--551ea24a-c9a8-43a8-8e62-47d7950d210b",
|
|
|
|
"indicator--551ea24a-fd00-453a-9056-4608950d210b",
|
|
|
|
"indicator--551ea24a-de84-45eb-827b-4e50950d210b",
|
|
|
|
"indicator--551ea24a-cb60-4ccb-b9a8-474e950d210b",
|
|
|
|
"indicator--551ea24a-e0c8-4498-b40f-4150950d210b",
|
|
|
|
"indicator--551ea24b-1578-4778-918d-466f950d210b",
|
|
|
|
"indicator--551ea24b-bbf8-4a1c-a2d5-48ab950d210b",
|
|
|
|
"indicator--551ea24b-b1a8-4f11-be97-43d0950d210b",
|
|
|
|
"indicator--551ea24b-b50c-43f9-af34-4a30950d210b",
|
|
|
|
"indicator--551ea24b-74e0-4f97-a515-4938950d210b",
|
|
|
|
"indicator--551ea24b-ea40-4163-9d5b-4359950d210b",
|
|
|
|
"indicator--551ea24b-bbc4-4372-8fbc-4def950d210b",
|
|
|
|
"indicator--551ea24b-e2b8-4f99-b93d-47b1950d210b",
|
|
|
|
"indicator--551ea24b-73c8-4767-96e4-49a8950d210b",
|
|
|
|
"indicator--551ea24c-3860-4af5-9862-4c81950d210b",
|
|
|
|
"indicator--551ea24c-1f40-4373-bf1f-4e0a950d210b",
|
|
|
|
"indicator--551ea24c-3204-4a0c-96a9-4063950d210b",
|
|
|
|
"indicator--551ea24c-cd38-4433-b76c-43af950d210b",
|
|
|
|
"indicator--551ea24c-0564-448e-a112-40b7950d210b",
|
|
|
|
"indicator--551ea24c-1bf0-4db6-accc-4dbc950d210b",
|
|
|
|
"indicator--551ea24c-11ac-4fce-9251-4e52950d210b",
|
|
|
|
"indicator--551ea24c-18bc-458b-a8e9-46ef950d210b",
|
|
|
|
"indicator--551ea24c-2280-4eac-a664-472f950d210b",
|
|
|
|
"indicator--551ea24d-2850-435e-891d-4698950d210b",
|
|
|
|
"indicator--551ea24d-2e00-4dd6-abfa-40cc950d210b",
|
|
|
|
"indicator--551ea24d-91b4-4331-bb89-4513950d210b",
|
|
|
|
"indicator--551ea24d-0c2c-4d3d-8af7-4de8950d210b",
|
|
|
|
"indicator--551ea24d-b1a8-4ce4-b0f3-4b5b950d210b",
|
|
|
|
"indicator--551ea24d-6210-45dd-af86-4a44950d210b",
|
|
|
|
"indicator--551ea24d-4ed0-4e60-b7d7-49f2950d210b",
|
|
|
|
"indicator--551ea24d-1938-499a-8c54-45f8950d210b",
|
|
|
|
"indicator--551ea24d-5acc-416c-9161-43e0950d210b",
|
|
|
|
"indicator--551ea24e-0020-40f0-90c2-41d6950d210b",
|
|
|
|
"indicator--551ea24e-d2a0-4e33-bd1b-4543950d210b",
|
|
|
|
"indicator--551ea24e-4d04-4fb0-90fc-4333950d210b",
|
|
|
|
"indicator--551ea24e-95cc-41b6-9d57-41b8950d210b",
|
|
|
|
"indicator--551ea24e-1fac-42ac-a186-4a41950d210b",
|
|
|
|
"indicator--551ea24e-6644-48a6-ab21-480f950d210b",
|
|
|
|
"indicator--551ea24e-9794-40a9-9af5-4f5b950d210b",
|
|
|
|
"indicator--551ea24e-6c24-47d6-9a8d-4644950d210b",
|
|
|
|
"indicator--551ea24e-d4d0-429a-9419-4b6f950d210b",
|
|
|
|
"indicator--551ea24e-93e4-48a2-adc0-4332950d210b",
|
|
|
|
"indicator--551ea24f-9100-4ee2-afe3-4fd0950d210b",
|
|
|
|
"indicator--551ea24f-a0b8-4b9b-b2de-4a7d950d210b",
|
|
|
|
"indicator--551ea24f-8094-425e-b74a-4961950d210b",
|
|
|
|
"indicator--551ea24f-9458-4755-bb97-4dca950d210b",
|
|
|
|
"indicator--551ea24f-0cc0-4363-a71d-45b6950d210b",
|
|
|
|
"indicator--551ea24f-614c-4347-a891-44f9950d210b",
|
|
|
|
"indicator--551ea24f-b79c-4259-918e-436e950d210b",
|
|
|
|
"indicator--551ea24f-6ea8-4a6a-aaba-466a950d210b",
|
|
|
|
"indicator--551ea24f-4478-4592-9009-447f950d210b",
|
|
|
|
"indicator--551ea250-5bf8-4845-b140-4e9e950d210b",
|
|
|
|
"indicator--551ea250-934c-4663-a0cd-477b950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"type:OSINT"
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--551e876a-e8dc-4bfe-8397-7455950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T12:28:26.000Z",
|
|
|
|
"modified": "2015-04-03T12:28:26.000Z",
|
|
|
|
"first_observed": "2015-04-03T12:28:26Z",
|
|
|
|
"last_observed": "2015-04-03T12:28:26Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--551e876a-e8dc-4bfe-8397-7455950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--551e876a-e8dc-4bfe-8397-7455950d210b",
|
|
|
|
"value": "http://securityintelligence.com/dyre-wolf/"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--551e876b-31e4-4dbe-b9d6-7455950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T12:28:27.000Z",
|
|
|
|
"modified": "2015-04-03T12:28:27.000Z",
|
|
|
|
"first_observed": "2015-04-03T12:28:27Z",
|
|
|
|
"last_observed": "2015-04-03T12:28:27Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--551e876b-31e4-4dbe-b9d6-7455950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--551e876b-31e4-4dbe-b9d6-7455950d210b",
|
|
|
|
"value": "https://portal.sec.ibm.com/mss/html/en_US/support_resources/pdf/dyre_wolf_4-2-2015.html?ce=ISM0484&ct=SWG&cmp=IBMSocial&cm=h&cr=Security&ccy=US"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--551e9fc9-fc8c-4835-bf1b-4aad950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:12:25.000Z",
|
|
|
|
"modified": "2015-04-03T14:12:25.000Z",
|
|
|
|
"first_observed": "2015-04-03T14:12:25Z",
|
|
|
|
"last_observed": "2015-04-03T14:12:25Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--551e9fc9-fc8c-4835-bf1b-4aad950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--551e9fc9-fc8c-4835-bf1b-4aad950d210b",
|
|
|
|
"value": "https://portal.sec.ibm.com/mss/html/en_US/support_resources/pdf/Dyre_Wolf_MSS_Threat_Report.pdf"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-attribute",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-attribute--551e9fee-3528-4bab-a204-4e81950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:13:02.000Z",
|
|
|
|
"modified": "2015-04-03T14:13:02.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"text\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
],
|
|
|
|
"x_misp_category": "External analysis",
|
|
|
|
"x_misp_type": "text",
|
|
|
|
"x_misp_value": "Upatre"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "x-misp-attribute",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "x-misp-attribute--551e9fee-6190-4c7d-b743-4639950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:13:02.000Z",
|
|
|
|
"modified": "2015-04-03T14:13:02.000Z",
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"text\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
],
|
|
|
|
"x_misp_category": "External analysis",
|
|
|
|
"x_misp_type": "text",
|
|
|
|
"x_misp_value": "Dyre"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--551ea0e2-1e6c-478f-8a40-4c6f950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:17:06.000Z",
|
|
|
|
"modified": "2015-04-03T14:17:06.000Z",
|
|
|
|
"first_observed": "2015-04-03T14:17:06Z",
|
|
|
|
"last_observed": "2015-04-03T14:17:06Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"domain-name--551ea0e2-1e6c-478f-8a40-4c6f950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "domain-name",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "domain-name--551ea0e2-1e6c-478f-8a40-4c6f950d210b",
|
|
|
|
"value": "checkip.dyndns.org"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--551ea0fb-b928-454f-a553-ce36950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:17:31.000Z",
|
|
|
|
"modified": "2015-04-03T14:17:31.000Z",
|
|
|
|
"first_observed": "2015-04-03T14:17:31Z",
|
|
|
|
"last_observed": "2015-04-03T14:17:31Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"domain-name--551ea0fb-b928-454f-a553-ce36950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "domain-name",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "domain-name--551ea0fb-b928-454f-a553-ce36950d210b",
|
|
|
|
"value": "google.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea164-a78c-413e-b3aa-7455950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:19:16.000Z",
|
|
|
|
"modified": "2015-04-03T14:19:16.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'a5c773429e86543747ce8b03314593df']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:19:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea164-b32c-4a79-941d-7455950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:19:16.000Z",
|
|
|
|
"modified": "2015-04-03T14:19:16.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA1 = '55065e85ab9723d3b9f8d2b3e2ca0514dae10aae']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:19:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea164-3728-4b72-accd-7455950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:19:16.000Z",
|
|
|
|
"modified": "2015-04-03T14:19:16.000Z",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '8dbbaec774a42e18f369c2bf947a64d03728749b57fad7f46a80ea1ac396af7f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:19:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--551ea1c0-7dc4-464c-9e6a-fb7b950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:20:48.000Z",
|
|
|
|
"modified": "2015-04-03T14:20:48.000Z",
|
|
|
|
"first_observed": "2015-04-03T14:20:48Z",
|
|
|
|
"last_observed": "2015-04-03T14:20:48Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"domain-name--551ea1c0-7dc4-464c-9e6a-fb7b950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "domain-name",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "domain-name--551ea1c0-7dc4-464c-9e6a-fb7b950d210b",
|
|
|
|
"value": "stun1.voiceeclipse.net"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--551ea1c0-6540-4dae-8f68-fb7b950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:20:48.000Z",
|
|
|
|
"modified": "2015-04-03T14:20:48.000Z",
|
|
|
|
"first_observed": "2015-04-03T14:20:48Z",
|
|
|
|
"last_observed": "2015-04-03T14:20:48Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"domain-name--551ea1c0-6540-4dae-8f68-fb7b950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "domain-name",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "domain-name--551ea1c0-6540-4dae-8f68-fb7b950d210b",
|
|
|
|
"value": "stun.callwithus.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--551ea1c0-315c-4dab-9d90-fb7b950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:20:48.000Z",
|
|
|
|
"modified": "2015-04-03T14:20:48.000Z",
|
|
|
|
"first_observed": "2015-04-03T14:20:48Z",
|
|
|
|
"last_observed": "2015-04-03T14:20:48Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"domain-name--551ea1c0-315c-4dab-9d90-fb7b950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "domain-name",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "domain-name--551ea1c0-315c-4dab-9d90-fb7b950d210b",
|
|
|
|
"value": "stun.sipgate.net"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--551ea1c0-9fe0-4962-96b3-fb7b950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:20:48.000Z",
|
|
|
|
"modified": "2015-04-03T14:20:48.000Z",
|
|
|
|
"first_observed": "2015-04-03T14:20:48Z",
|
|
|
|
"last_observed": "2015-04-03T14:20:48Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"domain-name--551ea1c0-9fe0-4962-96b3-fb7b950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "domain-name",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "domain-name--551ea1c0-9fe0-4962-96b3-fb7b950d210b",
|
|
|
|
"value": "stun.ekiga.net"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--551ea1c0-5de8-4824-8a60-fb7b950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:20:48.000Z",
|
|
|
|
"modified": "2015-04-03T14:20:48.000Z",
|
|
|
|
"first_observed": "2015-04-03T14:20:48Z",
|
|
|
|
"last_observed": "2015-04-03T14:20:48Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"domain-name--551ea1c0-5de8-4824-8a60-fb7b950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "domain-name",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "domain-name--551ea1c0-5de8-4824-8a60-fb7b950d210b",
|
|
|
|
"value": "stun.ideasip.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--551ea1c0-d674-4cbf-9a1e-fb7b950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:20:48.000Z",
|
|
|
|
"modified": "2015-04-03T14:20:48.000Z",
|
|
|
|
"first_observed": "2015-04-03T14:20:48Z",
|
|
|
|
"last_observed": "2015-04-03T14:20:48Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"domain-name--551ea1c0-d674-4cbf-9a1e-fb7b950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "domain-name",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "domain-name--551ea1c0-d674-4cbf-9a1e-fb7b950d210b",
|
|
|
|
"value": "stun.internetcalls.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--551ea1c1-fca4-4854-91f4-fb7b950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:20:49.000Z",
|
|
|
|
"modified": "2015-04-03T14:20:49.000Z",
|
|
|
|
"first_observed": "2015-04-03T14:20:49Z",
|
|
|
|
"last_observed": "2015-04-03T14:20:49Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"domain-name--551ea1c1-fca4-4854-91f4-fb7b950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "domain-name",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "domain-name--551ea1c1-fca4-4854-91f4-fb7b950d210b",
|
|
|
|
"value": "stun.noc.ams-ix.net"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--551ea1c1-4e08-48f9-9273-fb7b950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:20:49.000Z",
|
|
|
|
"modified": "2015-04-03T14:20:49.000Z",
|
|
|
|
"first_observed": "2015-04-03T14:20:49Z",
|
|
|
|
"last_observed": "2015-04-03T14:20:49Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"domain-name--551ea1c1-4e08-48f9-9273-fb7b950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "domain-name",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "domain-name--551ea1c1-4e08-48f9-9273-fb7b950d210b",
|
|
|
|
"value": "stun.phonepower.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--551ea1c1-400c-4c34-8dd6-fb7b950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:20:49.000Z",
|
|
|
|
"modified": "2015-04-03T14:20:49.000Z",
|
|
|
|
"first_observed": "2015-04-03T14:20:49Z",
|
|
|
|
"last_observed": "2015-04-03T14:20:49Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"domain-name--551ea1c1-400c-4c34-8dd6-fb7b950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "domain-name",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "domain-name--551ea1c1-400c-4c34-8dd6-fb7b950d210b",
|
|
|
|
"value": "stun.voip.aebc.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--551ea1c1-20d8-4c11-b158-fb7b950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:20:49.000Z",
|
|
|
|
"modified": "2015-04-03T14:20:49.000Z",
|
|
|
|
"first_observed": "2015-04-03T14:20:49Z",
|
|
|
|
"last_observed": "2015-04-03T14:20:49Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"domain-name--551ea1c1-20d8-4c11-b158-fb7b950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "domain-name",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "domain-name--551ea1c1-20d8-4c11-b158-fb7b950d210b",
|
|
|
|
"value": "stun.voipbuster.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--551ea1c1-a2c0-4582-9638-fb7b950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:20:49.000Z",
|
|
|
|
"modified": "2015-04-03T14:20:49.000Z",
|
|
|
|
"first_observed": "2015-04-03T14:20:49Z",
|
|
|
|
"last_observed": "2015-04-03T14:20:49Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"domain-name--551ea1c1-a2c0-4582-9638-fb7b950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "domain-name",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "domain-name--551ea1c1-a2c0-4582-9638-fb7b950d210b",
|
|
|
|
"value": "stun.voxgratia.org"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--551ea1c1-cb48-4b06-889a-fb7b950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:20:49.000Z",
|
|
|
|
"modified": "2015-04-03T14:20:49.000Z",
|
|
|
|
"first_observed": "2015-04-03T14:20:49Z",
|
|
|
|
"last_observed": "2015-04-03T14:20:49Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"domain-name--551ea1c1-cb48-4b06-889a-fb7b950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "domain-name",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "domain-name--551ea1c1-cb48-4b06-889a-fb7b950d210b",
|
|
|
|
"value": "stun.ipshka.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--551ea1c1-da14-4d3a-a498-fb7b950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:20:49.000Z",
|
|
|
|
"modified": "2015-04-03T14:20:49.000Z",
|
|
|
|
"first_observed": "2015-04-03T14:20:49Z",
|
|
|
|
"last_observed": "2015-04-03T14:20:49Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"domain-name--551ea1c1-da14-4d3a-a498-fb7b950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "domain-name",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "domain-name--551ea1c1-da14-4d3a-a498-fb7b950d210b",
|
|
|
|
"value": "stun.faktortel.com.au"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--551ea1c1-db20-4af5-84b2-fb7b950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:20:49.000Z",
|
|
|
|
"modified": "2015-04-03T14:20:49.000Z",
|
|
|
|
"first_observed": "2015-04-03T14:20:49Z",
|
|
|
|
"last_observed": "2015-04-03T14:20:49Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"domain-name--551ea1c1-db20-4af5-84b2-fb7b950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "domain-name",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "domain-name--551ea1c1-db20-4af5-84b2-fb7b950d210b",
|
|
|
|
"value": "stun.iptel.org"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--551ea1c2-210c-4b27-8b9c-fb7b950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:20:50.000Z",
|
|
|
|
"modified": "2015-04-03T14:20:50.000Z",
|
|
|
|
"first_observed": "2015-04-03T14:20:50Z",
|
|
|
|
"last_observed": "2015-04-03T14:20:50Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"domain-name--551ea1c2-210c-4b27-8b9c-fb7b950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "domain-name",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "domain-name--551ea1c2-210c-4b27-8b9c-fb7b950d210b",
|
|
|
|
"value": "stun.voipstunt.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--551ea1c2-6c20-4562-bf26-fb7b950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:20:50.000Z",
|
|
|
|
"modified": "2015-04-03T14:20:50.000Z",
|
|
|
|
"first_observed": "2015-04-03T14:20:50Z",
|
|
|
|
"last_observed": "2015-04-03T14:20:50Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"domain-name--551ea1c2-6c20-4562-bf26-fb7b950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "domain-name",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "domain-name--551ea1c2-6c20-4562-bf26-fb7b950d210b",
|
|
|
|
"value": "stunserver.org"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--551ea1c2-4958-40e8-915d-fb7b950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:20:50.000Z",
|
|
|
|
"modified": "2015-04-03T14:20:50.000Z",
|
|
|
|
"first_observed": "2015-04-03T14:20:50Z",
|
|
|
|
"last_observed": "2015-04-03T14:20:50Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"domain-name--551ea1c2-4958-40e8-915d-fb7b950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "domain-name",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "domain-name--551ea1c2-4958-40e8-915d-fb7b950d210b",
|
|
|
|
"value": "s1.taraba.net"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--551ea1c2-633c-42cb-bedb-fb7b950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:20:50.000Z",
|
|
|
|
"modified": "2015-04-03T14:20:50.000Z",
|
|
|
|
"first_observed": "2015-04-03T14:20:50Z",
|
|
|
|
"last_observed": "2015-04-03T14:20:50Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"domain-name--551ea1c2-633c-42cb-bedb-fb7b950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "domain-name",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "domain-name--551ea1c2-633c-42cb-bedb-fb7b950d210b",
|
|
|
|
"value": "s2.taraba.net"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--551ea1c2-605c-4628-8b62-fb7b950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:20:50.000Z",
|
|
|
|
"modified": "2015-04-03T14:20:50.000Z",
|
|
|
|
"first_observed": "2015-04-03T14:20:50Z",
|
|
|
|
"last_observed": "2015-04-03T14:20:50Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"domain-name--551ea1c2-605c-4628-8b62-fb7b950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "domain-name",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "domain-name--551ea1c2-605c-4628-8b62-fb7b950d210b",
|
|
|
|
"value": "stun.l.google.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--551ea1c2-c89c-4bb1-9332-fb7b950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:20:50.000Z",
|
|
|
|
"modified": "2015-04-03T14:20:50.000Z",
|
|
|
|
"first_observed": "2015-04-03T14:20:50Z",
|
|
|
|
"last_observed": "2015-04-03T14:20:50Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"domain-name--551ea1c2-c89c-4bb1-9332-fb7b950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "domain-name",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "domain-name--551ea1c2-c89c-4bb1-9332-fb7b950d210b",
|
|
|
|
"value": "stun1.l.google.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--551ea1c2-7394-407b-bb05-fb7b950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:20:50.000Z",
|
|
|
|
"modified": "2015-04-03T14:20:50.000Z",
|
|
|
|
"first_observed": "2015-04-03T14:20:50Z",
|
|
|
|
"last_observed": "2015-04-03T14:20:50Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"domain-name--551ea1c2-7394-407b-bb05-fb7b950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "domain-name",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "domain-name--551ea1c2-7394-407b-bb05-fb7b950d210b",
|
|
|
|
"value": "stun2.l.google.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--551ea1c2-2488-4939-af5f-fb7b950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:20:50.000Z",
|
|
|
|
"modified": "2015-04-03T14:20:50.000Z",
|
|
|
|
"first_observed": "2015-04-03T14:20:50Z",
|
|
|
|
"last_observed": "2015-04-03T14:20:50Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"domain-name--551ea1c2-2488-4939-af5f-fb7b950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "domain-name",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "domain-name--551ea1c2-2488-4939-af5f-fb7b950d210b",
|
|
|
|
"value": "stun3.l.google.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--551ea1c2-c4f8-4906-b4dc-fb7b950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:20:50.000Z",
|
|
|
|
"modified": "2015-04-03T14:20:50.000Z",
|
|
|
|
"first_observed": "2015-04-03T14:20:50Z",
|
|
|
|
"last_observed": "2015-04-03T14:20:50Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"domain-name--551ea1c2-c4f8-4906-b4dc-fb7b950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "domain-name",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "domain-name--551ea1c2-c4f8-4906-b4dc-fb7b950d210b",
|
|
|
|
"value": "stun4.l.google.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--551ea1c3-f780-4277-9492-fb7b950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:20:51.000Z",
|
|
|
|
"modified": "2015-04-03T14:20:51.000Z",
|
|
|
|
"first_observed": "2015-04-03T14:20:51Z",
|
|
|
|
"last_observed": "2015-04-03T14:20:51Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"domain-name--551ea1c3-f780-4277-9492-fb7b950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "domain-name",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "domain-name--551ea1c3-f780-4277-9492-fb7b950d210b",
|
|
|
|
"value": "stun.schlund.de"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--551ea1c3-c928-4bf5-b635-fb7b950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:20:51.000Z",
|
|
|
|
"modified": "2015-04-03T14:20:51.000Z",
|
|
|
|
"first_observed": "2015-04-03T14:20:51Z",
|
|
|
|
"last_observed": "2015-04-03T14:20:51Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"domain-name--551ea1c3-c928-4bf5-b635-fb7b950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "domain-name",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "domain-name--551ea1c3-c928-4bf5-b635-fb7b950d210b",
|
|
|
|
"value": "stun.rixtelecom.se"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--551ea1c3-b6d8-40f4-b443-fb7b950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:20:51.000Z",
|
|
|
|
"modified": "2015-04-03T14:20:51.000Z",
|
|
|
|
"first_observed": "2015-04-03T14:20:51Z",
|
|
|
|
"last_observed": "2015-04-03T14:20:51Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"domain-name--551ea1c3-b6d8-40f4-b443-fb7b950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "domain-name",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "domain-name--551ea1c3-b6d8-40f4-b443-fb7b950d210b",
|
|
|
|
"value": "stun.voiparound.com"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--551ea1c3-44d4-4789-83ce-fb7b950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:20:51.000Z",
|
|
|
|
"modified": "2015-04-03T14:20:51.000Z",
|
|
|
|
"first_observed": "2015-04-03T14:20:51Z",
|
|
|
|
"last_observed": "2015-04-03T14:20:51Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"domain-name--551ea1c3-44d4-4789-83ce-fb7b950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "domain-name",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "domain-name--551ea1c3-44d4-4789-83ce-fb7b950d210b",
|
|
|
|
"value": "numb.viagenie.ca"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--551ea1c3-f344-4b27-b4f0-fb7b950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:20:51.000Z",
|
|
|
|
"modified": "2015-04-03T14:20:51.000Z",
|
|
|
|
"first_observed": "2015-04-03T14:20:51Z",
|
|
|
|
"last_observed": "2015-04-03T14:20:51Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"domain-name--551ea1c3-f344-4b27-b4f0-fb7b950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "domain-name",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "domain-name--551ea1c3-f344-4b27-b4f0-fb7b950d210b",
|
|
|
|
"value": "stun.stunprotocol.org"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--551ea1c3-1ed0-457a-8037-fb7b950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:20:51.000Z",
|
|
|
|
"modified": "2015-04-03T14:20:51.000Z",
|
|
|
|
"first_observed": "2015-04-03T14:20:51Z",
|
|
|
|
"last_observed": "2015-04-03T14:20:51Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"domain-name--551ea1c3-1ed0-457a-8037-fb7b950d210b"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "domain-name",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "domain-name--551ea1c3-1ed0-457a-8037-fb7b950d210b",
|
|
|
|
"value": "stun.2talk.co.nz"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea1df-5384-430d-beb3-40e9950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:21:19.000Z",
|
|
|
|
"modified": "2015-04-03T14:21:19.000Z",
|
|
|
|
"description": "CnC",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '92.240.99.70']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:21:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea1fb-4eb8-4a26-95e0-4a04950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:21:47.000Z",
|
|
|
|
"modified": "2015-04-03T14:21:47.000Z",
|
|
|
|
"description": "CnC",
|
|
|
|
"pattern": "[domain-name:value = 'metflex.uk.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:21:47Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"domain\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24a-695c-4c5e-ae24-4924950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:06.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:06.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.151.48.114']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:06Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24a-9de8-4cd6-bdb5-43fc950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:06.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:06.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.63.97.171']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:06Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24a-6770-4a03-b467-4ec6950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:06.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:06.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.63.97.224']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:06Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24a-c9a8-43a8-8e62-47d7950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:06.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:06.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.32.89.29']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:06Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24a-fd00-453a-9056-4608950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:06.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:06.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.151.49.53']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:06Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24a-de84-45eb-827b-4e50950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:06.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:06.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.210.148.1']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:06Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24a-cb60-4ccb-b9a8-474e950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:06.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:06.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.87.231.180']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:06Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24a-e0c8-4498-b40f-4150950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:06.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:06.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.151.48.199']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:06Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24b-1578-4778-918d-466f950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:07.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:07.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '37.115.203.210']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:07Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24b-bbf8-4a1c-a2d5-48ab950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:07.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:07.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.31.53.23']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:07Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24b-b1a8-4f11-be97-43d0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:07.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:07.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.63.97.159']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:07Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24b-b50c-43f9-af34-4a30950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:07.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:07.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '85.94.175.236']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:07Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24b-74e0-4f97-a515-4938950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:07.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:07.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.63.97.77']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:07Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24b-ea40-4163-9d5b-4359950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:07.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:07.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.165.223.61']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:07Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24b-bbc4-4372-8fbc-4def950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:07.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:07.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.63.96.198']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:07Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24b-e2b8-4f99-b93d-47b1950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:07.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:07.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.253.216.100']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:07Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24b-73c8-4767-96e4-49a8950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:07.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:07.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.165.213.146']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:07Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24c-3860-4af5-9862-4c81950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:08.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:08.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.63.97.93']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24c-1f40-4373-bf1f-4e0a950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:08.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:08.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.194.239.109']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24c-3204-4a0c-96a9-4063950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:08.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:08.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.63.96.137']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24c-cd38-4433-b76c-43af950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:08.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:08.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.29.0.247']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24c-0564-448e-a112-40b7950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:08.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:08.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.63.97.39']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24c-1bf0-4db6-accc-4dbc950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:08.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:08.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '194.28.191.218']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24c-11ac-4fce-9251-4e52950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:08.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:08.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.63.96.251']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24c-18bc-458b-a8e9-46ef950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:08.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:08.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '194.28.191.217']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24c-2280-4eac-a664-472f950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:08.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:08.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.36.160.107']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24d-2850-435e-891d-4698950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:08.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:08.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.212.244.19']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24d-2e00-4dd6-abfa-40cc950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:09.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:09.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.160.125.167']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24d-91b4-4331-bb89-4513950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:09.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:09.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.131.139.42']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24d-0c2c-4d3d-8af7-4de8950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:09.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:09.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.242.55.58']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24d-b1a8-4ce4-b0f3-4b5b950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:09.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:09.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '62.80.181.148']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24d-6210-45dd-af86-4a44950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:09.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:09.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.225.228.195']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24d-4ed0-4e60-b7d7-49f2950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:09.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:09.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.217.49.162']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24d-1938-499a-8c54-45f8950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:09.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:09.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '77.85.204.113']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24d-5acc-416c-9161-43e0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:09.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:09.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.119.175.13']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24e-0020-40f0-90c2-41d6950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:10.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:10.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.151.50.58']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24e-d2a0-4e33-bd1b-4543950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:10.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:10.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.98.141.2']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24e-4d04-4fb0-90fc-4333950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:10.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:10.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '89.22.207.223']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24e-95cc-41b6-9d57-41b8950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:10.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:10.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.98.133.237']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24e-1fac-42ac-a186-4a41950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:10.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:10.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.165.232.226']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24e-6644-48a6-ab21-480f950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:10.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:10.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '109.237.0.106']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24e-9794-40a9-9af5-4f5b950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:10.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:10.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '91.202.197.178']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24e-6c24-47d6-9a8d-4644950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:10.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:10.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '83.219.158.40']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24e-d4d0-429a-9419-4b6f950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:10.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:10.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '31.131.142.226']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24e-93e4-48a2-adc0-4332950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:10.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:10.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '46.151.48.121']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24f-9100-4ee2-afe3-4fd0950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:11.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:11.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '195.189.19.156']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24f-a0b8-4b9b-b2de-4a7d950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:11.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:11.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.36.236.132']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24f-8094-425e-b74a-4961950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:11.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:11.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '93.175.224.225']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24f-9458-4755-bb97-4dca950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:11.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:11.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.36.237.45']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24f-0cc0-4363-a71d-45b6950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:11.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:11.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '93.99.229.60']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24f-614c-4347-a891-44f9950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:11.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:11.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.36.229.141']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24f-b79c-4259-918e-436e950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:11.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:11.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '85.248.157.88']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24f-6ea8-4a6a-aaba-466a950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:11.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:11.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.197.103.78']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea24f-4478-4592-9009-447f950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:11.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:11.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '188.231.149.4']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea250-5bf8-4845-b140-4e9e950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:12.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:12.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '178.253.251.4']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--551ea250-934c-4663-a0cd-477b950d210b",
|
|
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
|
|
"created": "2015-04-03T14:23:12.000Z",
|
|
|
|
"modified": "2015-04-03T14:23:12.000Z",
|
|
|
|
"description": "Hardcoded I2P nodes in configuration",
|
|
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '194.28.191.70']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2015-04-03T14:23:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "marking-definition",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
|
|
"definition_type": "tlp",
|
|
|
|
"name": "TLP:WHITE",
|
|
|
|
"definition": {
|
|
|
|
"tlp": "white"
|
|
|
|
}
|
|
|
|
}
|
2023-04-21 13:25:09 +00:00
|
|
|
]
|
|
|
|
}
|