{
"type": "bundle",
|
|
|
|
"id": "bundle--59282a08-aec8-49e7-932a-45d3950d210f",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:48:40.000Z",
|
|
|
|
"modified": "2017-05-26T13:48:40.000Z",
|
|
|
|
"name": "CIRCL",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--59282a08-aec8-49e7-932a-45d3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:48:40.000Z",
|
|
|
|
"modified": "2017-05-26T13:48:40.000Z",
|
|
|
|
"name": "Jaff 2017-05-26 : \"Scanned Image from a Xerox WorkCentre\" - \"Scan_0012_123456789.zip\"",
|
|
|
|
"published": "2017-05-26T13:48:48Z",
|
|
|
|
"object_refs": [
|
|
|
|
"indicator--59282a09-7dd4-445a-8555-424c950d210f",
|
|
|
|
"indicator--59282a0a-8e08-4872-8704-432f950d210f",
|
|
|
|
"indicator--59282a0c-47ac-4f58-8de7-4959950d210f",
|
|
|
|
"indicator--59282a0c-dd14-493a-9bc5-4688950d210f",
|
|
|
|
"observed-data--59282a0d-7bf4-439f-95bf-4082950d210f",
|
|
|
|
"network-traffic--59282a0d-7bf4-439f-95bf-4082950d210f",
|
|
|
|
"ipv4-addr--59282a0d-7bf4-439f-95bf-4082950d210f",
|
|
|
|
"indicator--59282a0e-9188-4a06-a98e-411e950d210f",
|
|
|
|
"indicator--59282a0f-397c-4b05-9075-4c44950d210f",
|
|
|
|
"observed-data--59282a10-b258-44bc-9da9-4ffc950d210f",
|
|
|
|
"network-traffic--59282a10-b258-44bc-9da9-4ffc950d210f",
|
|
|
|
"ipv4-addr--59282a10-b258-44bc-9da9-4ffc950d210f",
|
|
|
|
"indicator--59282a11-9070-49ce-ab6e-41d0950d210f",
|
|
|
|
"indicator--59282a12-5f2c-4b10-9048-412e950d210f",
|
|
|
|
"observed-data--59282a13-31b8-41c4-9512-4782950d210f",
|
|
|
|
"network-traffic--59282a13-31b8-41c4-9512-4782950d210f",
|
|
|
|
"ipv4-addr--59282a13-31b8-41c4-9512-4782950d210f",
|
|
|
|
"indicator--59282a14-4a64-41ae-b3e7-487f950d210f",
|
|
|
|
"indicator--59282a15-ab14-494b-9a05-4913950d210f",
|
|
|
|
"observed-data--59282a15-9d74-4f6d-a2d3-4133950d210f",
|
|
|
|
"network-traffic--59282a15-9d74-4f6d-a2d3-4133950d210f",
|
|
|
|
"ipv4-addr--59282a15-9d74-4f6d-a2d3-4133950d210f",
|
|
|
|
"indicator--59282a16-f19c-4485-84b1-4640950d210f",
|
|
|
|
"indicator--59282a17-5e20-4228-b43a-4b19950d210f",
|
|
|
|
"observed-data--59282a19-d318-4db7-90a0-44f4950d210f",
|
|
|
|
"network-traffic--59282a19-d318-4db7-90a0-44f4950d210f",
|
|
|
|
"ipv4-addr--59282a19-d318-4db7-90a0-44f4950d210f",
|
|
|
|
"indicator--59282a1a-46bc-48cd-bb32-456f950d210f",
|
|
|
|
"indicator--59282a1b-6340-4af5-8646-4267950d210f",
|
|
|
|
"observed-data--59282a1d-13ac-4c10-a36b-423d950d210f",
|
|
|
|
"network-traffic--59282a1d-13ac-4c10-a36b-423d950d210f",
|
|
|
|
"ipv4-addr--59282a1d-13ac-4c10-a36b-423d950d210f",
|
|
|
|
"indicator--59282a1e-60d8-4eee-a1ee-4450950d210f",
|
|
|
|
"indicator--59282a1f-4b1c-464a-b80f-47f2950d210f",
|
|
|
|
"observed-data--59282a21-5688-4bbc-adb2-44a2950d210f",
|
|
|
|
"network-traffic--59282a21-5688-4bbc-adb2-44a2950d210f",
|
|
|
|
"ipv4-addr--59282a21-5688-4bbc-adb2-44a2950d210f",
|
|
|
|
"indicator--59282a21-d7e4-4524-bacb-4382950d210f",
|
|
|
|
"indicator--59282a22-6a4c-4b4e-ae98-484c950d210f",
|
|
|
|
"observed-data--59282a24-80ac-46b9-853a-4b5a950d210f",
|
|
|
|
"network-traffic--59282a24-80ac-46b9-853a-4b5a950d210f",
|
|
|
|
"ipv4-addr--59282a24-80ac-46b9-853a-4b5a950d210f",
|
|
|
|
"indicator--59282a24-d2bc-49c5-8def-4aed950d210f",
|
|
|
|
"indicator--59282a25-6ddc-47b1-a5b8-4a28950d210f",
|
|
|
|
"observed-data--59282a26-6f9c-49cb-8c0f-4d69950d210f",
|
|
|
|
"network-traffic--59282a26-6f9c-49cb-8c0f-4d69950d210f",
|
|
|
|
"ipv4-addr--59282a26-6f9c-49cb-8c0f-4d69950d210f",
|
|
|
|
"indicator--59282a27-facc-4a43-b42b-4bc8950d210f",
|
|
|
|
"indicator--59282a27-a8b4-4fab-860b-46b0950d210f",
|
|
|
|
"observed-data--59282a28-a288-439e-aff9-4137950d210f",
|
|
|
|
"network-traffic--59282a28-a288-439e-aff9-4137950d210f",
|
|
|
|
"ipv4-addr--59282a28-a288-439e-aff9-4137950d210f",
|
|
|
|
"indicator--59282a29-77e8-4a70-b084-466d950d210f",
|
|
|
|
"indicator--59282a2a-e55c-47f4-9044-452f950d210f",
|
|
|
|
"observed-data--59282a2b-7290-452d-a58c-49eb950d210f",
|
|
|
|
"network-traffic--59282a2b-7290-452d-a58c-49eb950d210f",
|
|
|
|
"ipv4-addr--59282a2b-7290-452d-a58c-49eb950d210f",
|
|
|
|
"indicator--59282a2c-34d8-4d9a-b750-4340950d210f",
|
|
|
|
"indicator--59282a2d-794c-4cc5-ab19-493a950d210f",
|
|
|
|
"observed-data--59282a2f-fdac-4630-bce3-40de950d210f",
|
|
|
|
"network-traffic--59282a2f-fdac-4630-bce3-40de950d210f",
|
|
|
|
"ipv4-addr--59282a2f-fdac-4630-bce3-40de950d210f",
|
|
|
|
"indicator--59282a30-7b88-40a9-8fa9-47d2950d210f",
|
|
|
|
"indicator--59282a31-0e64-4e00-a9bc-4f7d950d210f",
|
|
|
|
"observed-data--59282a32-9854-4402-a645-4ed2950d210f",
|
|
|
|
"network-traffic--59282a32-9854-4402-a645-4ed2950d210f",
|
|
|
|
"ipv4-addr--59282a32-9854-4402-a645-4ed2950d210f",
|
|
|
|
"indicator--59282a32-36cc-4b99-86d2-4a15950d210f",
|
|
|
|
"indicator--59282a33-b888-4322-a661-49b3950d210f",
|
|
|
|
"observed-data--59282a34-3298-4f51-bc40-4356950d210f",
|
|
|
|
"network-traffic--59282a34-3298-4f51-bc40-4356950d210f",
|
|
|
|
"ipv4-addr--59282a34-3298-4f51-bc40-4356950d210f",
|
|
|
|
"indicator--59282a35-9d84-4cbd-97f0-4add950d210f",
|
|
|
|
"indicator--59282a35-16a0-4f69-afcd-4c5a950d210f",
|
|
|
|
"observed-data--59282a38-4f38-41a2-a02b-4a08950d210f",
|
|
|
|
"network-traffic--59282a38-4f38-41a2-a02b-4a08950d210f",
|
|
|
|
"ipv4-addr--59282a38-4f38-41a2-a02b-4a08950d210f",
|
|
|
|
"indicator--59282a38-da10-4718-b142-4035950d210f",
|
|
|
|
"indicator--59282a39-61cc-4a85-a560-4331950d210f",
|
|
|
|
"observed-data--59282a3a-2578-4dfe-beb5-4011950d210f",
|
|
|
|
"network-traffic--59282a3a-2578-4dfe-beb5-4011950d210f",
|
|
|
|
"ipv4-addr--59282a3a-2578-4dfe-beb5-4011950d210f",
|
|
|
|
"indicator--59282a3b-5c34-492a-accc-4c3f950d210f",
|
|
|
|
"indicator--59282a3c-7528-4b92-bd56-41f4950d210f",
|
|
|
|
"observed-data--59282a3e-7e78-4d61-a42f-4b86950d210f",
|
|
|
|
"network-traffic--59282a3e-7e78-4d61-a42f-4b86950d210f",
|
|
|
|
"ipv4-addr--59282a3e-7e78-4d61-a42f-4b86950d210f",
|
|
|
|
"indicator--59282a3f-1ae4-4fcf-bf7f-498f950d210f",
|
|
|
|
"indicator--59282a40-0b8c-4a97-b149-4a7f950d210f",
|
|
|
|
"indicator--59282a41-e010-49b9-8b50-4495950d210f",
|
|
|
|
"indicator--59282a41-6fec-4ac0-a04b-4178950d210f",
|
|
|
|
"indicator--59282a47-d4c4-4c25-b0a4-4723950d210f",
|
|
|
|
"indicator--59282a47-a674-4fc4-a581-4d5d950d210f",
|
|
|
|
"observed-data--59282a49-9c80-41e4-93da-4474950d210f",
|
|
|
|
"network-traffic--59282a49-9c80-41e4-93da-4474950d210f",
|
|
|
|
"ipv4-addr--59282a49-9c80-41e4-93da-4474950d210f",
|
|
|
|
"indicator--59282ed9-3cd8-4a48-b42a-406002de0b81",
|
|
|
|
"indicator--59282ed9-ad38-4ac8-ae12-46e502de0b81",
|
|
|
|
"observed-data--59282eda-d98c-43d0-8c94-442002de0b81",
|
|
|
|
"url--59282eda-d98c-43d0-8c94-442002de0b81",
|
|
|
|
"indicator--59282eda-fca4-4b2b-8583-444f02de0b81",
|
|
|
|
"indicator--59282eda-05ac-46fe-882e-4c1202de0b81",
|
|
|
|
"observed-data--59282edb-5dbc-4c23-9c2d-4fbd02de0b81",
|
|
|
|
"url--59282edb-5dbc-4c23-9c2d-4fbd02de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"ecsirt:malicious-code=\"ransomware\"",
|
|
|
|
"misp-galaxy:ransomware=\"Jaff\""
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59282a09-7dd4-445a-8555-424c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:33:51.000Z",
|
|
|
|
"modified": "2017-05-26T13:33:51.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'aace687d16706b05aa49c9b7fff7572b']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-26T13:33:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59282a0a-8e08-4872-8704-432f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:33:51.000Z",
|
|
|
|
"modified": "2017-05-26T13:33:51.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '6708cc80916e838a9bbed09c91854230']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-26T13:33:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59282a0c-47ac-4f58-8de7-4959950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:33:51.000Z",
|
|
|
|
"modified": "2017-05-26T13:33:51.000Z",
|
|
|
|
"pattern": "[url:value = 'http://better57toiuydof.net/af/6gfh33']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-26T13:33:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59282a0c-dd14-493a-9bc5-4688950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:33:51.000Z",
|
|
|
|
"modified": "2017-05-26T13:33:51.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'better57toiuydof.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-26T13:33:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59282a0d-7bf4-439f-95bf-4082950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:48:00.000Z",
|
|
|
|
"modified": "2017-05-26T13:48:00.000Z",
|
|
|
|
"first_observed": "2017-05-26T13:48:00Z",
|
|
|
|
"last_observed": "2017-05-26T13:48:00Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59282a0d-7bf4-439f-95bf-4082950d210f",
|
|
|
|
"ipv4-addr--59282a0d-7bf4-439f-95bf-4082950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59282a0d-7bf4-439f-95bf-4082950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59282a0d-7bf4-439f-95bf-4082950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59282a0d-7bf4-439f-95bf-4082950d210f",
|
|
|
|
"value": "46.173.218.111"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59282a0e-9188-4a06-a98e-411e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:33:51.000Z",
|
|
|
|
"modified": "2017-05-26T13:33:51.000Z",
|
|
|
|
"pattern": "[url:value = 'http://dsopro.com/6gfh33']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-26T13:33:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59282a0f-397c-4b05-9075-4c44950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:33:51.000Z",
|
|
|
|
"modified": "2017-05-26T13:33:51.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'dsopro.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-26T13:33:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59282a10-b258-44bc-9da9-4ffc950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:48:00.000Z",
|
|
|
|
"modified": "2017-05-26T13:48:00.000Z",
|
|
|
|
"first_observed": "2017-05-26T13:48:00Z",
|
|
|
|
"last_observed": "2017-05-26T13:48:00Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59282a10-b258-44bc-9da9-4ffc950d210f",
|
|
|
|
"ipv4-addr--59282a10-b258-44bc-9da9-4ffc950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59282a10-b258-44bc-9da9-4ffc950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59282a10-b258-44bc-9da9-4ffc950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59282a10-b258-44bc-9da9-4ffc950d210f",
|
|
|
|
"value": "35.166.221.246"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59282a11-9070-49ce-ab6e-41d0950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:33:51.000Z",
|
|
|
|
"modified": "2017-05-26T13:33:51.000Z",
|
|
|
|
"pattern": "[url:value = 'http://easy2.cn/6gfh33']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-26T13:33:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59282a12-5f2c-4b10-9048-412e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:33:51.000Z",
|
|
|
|
"modified": "2017-05-26T13:33:51.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'easy2.cn']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-26T13:33:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59282a13-31b8-41c4-9512-4782950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:48:00.000Z",
|
|
|
|
"modified": "2017-05-26T13:48:00.000Z",
|
|
|
|
"first_observed": "2017-05-26T13:48:00Z",
|
|
|
|
"last_observed": "2017-05-26T13:48:00Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59282a13-31b8-41c4-9512-4782950d210f",
|
|
|
|
"ipv4-addr--59282a13-31b8-41c4-9512-4782950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59282a13-31b8-41c4-9512-4782950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59282a13-31b8-41c4-9512-4782950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59282a13-31b8-41c4-9512-4782950d210f",
|
|
|
|
"value": "47.89.53.24"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59282a14-4a64-41ae-b3e7-487f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:33:51.000Z",
|
|
|
|
"modified": "2017-05-26T13:33:51.000Z",
|
|
|
|
"pattern": "[url:value = 'http://eisenerzgrube.de/6gfh33']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-26T13:33:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59282a15-ab14-494b-9a05-4913950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:33:51.000Z",
|
|
|
|
"modified": "2017-05-26T13:33:51.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'eisenerzgrube.de']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-26T13:33:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59282a15-9d74-4f6d-a2d3-4133950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:48:00.000Z",
|
|
|
|
"modified": "2017-05-26T13:48:00.000Z",
|
|
|
|
"first_observed": "2017-05-26T13:48:00Z",
|
|
|
|
"last_observed": "2017-05-26T13:48:00Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59282a15-9d74-4f6d-a2d3-4133950d210f",
|
|
|
|
"ipv4-addr--59282a15-9d74-4f6d-a2d3-4133950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59282a15-9d74-4f6d-a2d3-4133950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59282a15-9d74-4f6d-a2d3-4133950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59282a15-9d74-4f6d-a2d3-4133950d210f",
|
|
|
|
"value": "81.169.145.88"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59282a16-f19c-4485-84b1-4640950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:33:51.000Z",
|
|
|
|
"modified": "2017-05-26T13:33:51.000Z",
|
|
|
|
"pattern": "[url:value = 'http://eselink.com.my/6gfh33']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-26T13:33:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59282a17-5e20-4228-b43a-4b19950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:33:51.000Z",
|
|
|
|
"modified": "2017-05-26T13:33:51.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'eselink.com.my']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-26T13:33:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59282a19-d318-4db7-90a0-44f4950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:48:00.000Z",
|
|
|
|
"modified": "2017-05-26T13:48:00.000Z",
|
|
|
|
"first_observed": "2017-05-26T13:48:00Z",
|
|
|
|
"last_observed": "2017-05-26T13:48:00Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59282a19-d318-4db7-90a0-44f4950d210f",
|
|
|
|
"ipv4-addr--59282a19-d318-4db7-90a0-44f4950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59282a19-d318-4db7-90a0-44f4950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59282a19-d318-4db7-90a0-44f4950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59282a19-d318-4db7-90a0-44f4950d210f",
|
|
|
|
"value": "124.150.140.96"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59282a1a-46bc-48cd-bb32-456f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:33:51.000Z",
|
|
|
|
"modified": "2017-05-26T13:33:51.000Z",
|
|
|
|
"pattern": "[url:value = 'http://e-snhv.com/6gfh33']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-26T13:33:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59282a1b-6340-4af5-8646-4267950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:33:51.000Z",
|
|
|
|
"modified": "2017-05-26T13:33:51.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'e-snhv.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-26T13:33:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59282a1d-13ac-4c10-a36b-423d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:48:00.000Z",
|
|
|
|
"modified": "2017-05-26T13:48:00.000Z",
|
|
|
|
"first_observed": "2017-05-26T13:48:00Z",
|
|
|
|
"last_observed": "2017-05-26T13:48:00Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59282a1d-13ac-4c10-a36b-423d950d210f",
|
|
|
|
"ipv4-addr--59282a1d-13ac-4c10-a36b-423d950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59282a1d-13ac-4c10-a36b-423d950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59282a1d-13ac-4c10-a36b-423d950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59282a1d-13ac-4c10-a36b-423d950d210f",
|
|
|
|
"value": "61.106.62.37"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59282a1e-60d8-4eee-a1ee-4450950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:33:51.000Z",
|
|
|
|
"modified": "2017-05-26T13:33:51.000Z",
|
|
|
|
"pattern": "[url:value = 'http://fabriquekorea.com/6gfh33']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-26T13:33:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59282a1f-4b1c-464a-b80f-47f2950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:33:51.000Z",
|
|
|
|
"modified": "2017-05-26T13:33:51.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'fabriquekorea.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-26T13:33:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59282a21-5688-4bbc-adb2-44a2950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:48:00.000Z",
|
|
|
|
"modified": "2017-05-26T13:48:00.000Z",
|
|
|
|
"first_observed": "2017-05-26T13:48:00Z",
|
|
|
|
"last_observed": "2017-05-26T13:48:00Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59282a21-5688-4bbc-adb2-44a2950d210f",
|
|
|
|
"ipv4-addr--59282a21-5688-4bbc-adb2-44a2950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59282a21-5688-4bbc-adb2-44a2950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59282a21-5688-4bbc-adb2-44a2950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59282a21-5688-4bbc-adb2-44a2950d210f",
|
|
|
|
"value": "211.174.62.52"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59282a21-d7e4-4524-bacb-4382950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:33:51.000Z",
|
|
|
|
"modified": "2017-05-26T13:33:51.000Z",
|
|
|
|
"pattern": "[url:value = 'http://jinqiaonkyy.com/6gfh33']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-26T13:33:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59282a22-6a4c-4b4e-ae98-484c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:33:51.000Z",
|
|
|
|
"modified": "2017-05-26T13:33:51.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'jinqiaonkyy.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-26T13:33:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59282a24-80ac-46b9-853a-4b5a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:48:00.000Z",
|
|
|
|
"modified": "2017-05-26T13:48:00.000Z",
|
|
|
|
"first_observed": "2017-05-26T13:48:00Z",
|
|
|
|
"last_observed": "2017-05-26T13:48:00Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59282a24-80ac-46b9-853a-4b5a950d210f",
|
|
|
|
"ipv4-addr--59282a24-80ac-46b9-853a-4b5a950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59282a24-80ac-46b9-853a-4b5a950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59282a24-80ac-46b9-853a-4b5a950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59282a24-80ac-46b9-853a-4b5a950d210f",
|
|
|
|
"value": "162.251.21.215"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59282a24-d2bc-49c5-8def-4aed950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:33:51.000Z",
|
|
|
|
"modified": "2017-05-26T13:33:51.000Z",
|
|
|
|
"pattern": "[url:value = 'http://orhangazitur.com/6gfh33']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-26T13:33:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59282a25-6ddc-47b1-a5b8-4a28950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:33:51.000Z",
|
|
|
|
"modified": "2017-05-26T13:33:51.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'orhangazitur.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-26T13:33:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59282a26-6f9c-49cb-8c0f-4d69950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:48:00.000Z",
|
|
|
|
"modified": "2017-05-26T13:48:00.000Z",
|
|
|
|
"first_observed": "2017-05-26T13:48:00Z",
|
|
|
|
"last_observed": "2017-05-26T13:48:00Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59282a26-6f9c-49cb-8c0f-4d69950d210f",
|
|
|
|
"ipv4-addr--59282a26-6f9c-49cb-8c0f-4d69950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59282a26-6f9c-49cb-8c0f-4d69950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59282a26-6f9c-49cb-8c0f-4d69950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59282a26-6f9c-49cb-8c0f-4d69950d210f",
|
|
|
|
"value": "109.232.220.235"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59282a27-facc-4a43-b42b-4bc8950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:33:51.000Z",
|
|
|
|
"modified": "2017-05-26T13:33:51.000Z",
|
|
|
|
"pattern": "[url:value = 'http://paradigmenergycorp.com/6gfh33']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-26T13:33:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59282a27-a8b4-4fab-860b-46b0950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:33:51.000Z",
|
|
|
|
"modified": "2017-05-26T13:33:51.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'paradigmenergycorp.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-26T13:33:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59282a28-a288-439e-aff9-4137950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:48:00.000Z",
|
|
|
|
"modified": "2017-05-26T13:48:00.000Z",
|
|
|
|
"first_observed": "2017-05-26T13:48:00Z",
|
|
|
|
"last_observed": "2017-05-26T13:48:00Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59282a28-a288-439e-aff9-4137950d210f",
|
|
|
|
"ipv4-addr--59282a28-a288-439e-aff9-4137950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59282a28-a288-439e-aff9-4137950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59282a28-a288-439e-aff9-4137950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59282a28-a288-439e-aff9-4137950d210f",
|
|
|
|
"value": "107.180.40.126"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59282a29-77e8-4a70-b084-466d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:33:51.000Z",
|
|
|
|
"modified": "2017-05-26T13:33:51.000Z",
|
|
|
|
"pattern": "[url:value = 'http://poltec.com.au/6gfh33']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-26T13:33:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59282a2a-e55c-47f4-9044-452f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:33:51.000Z",
|
|
|
|
"modified": "2017-05-26T13:33:51.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'poltec.com.au']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-26T13:33:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59282a2b-7290-452d-a58c-49eb950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:48:00.000Z",
|
|
|
|
"modified": "2017-05-26T13:48:00.000Z",
|
|
|
|
"first_observed": "2017-05-26T13:48:00Z",
|
|
|
|
"last_observed": "2017-05-26T13:48:00Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59282a2b-7290-452d-a58c-49eb950d210f",
|
|
|
|
"ipv4-addr--59282a2b-7290-452d-a58c-49eb950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59282a2b-7290-452d-a58c-49eb950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59282a2b-7290-452d-a58c-49eb950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59282a2b-7290-452d-a58c-49eb950d210f",
|
|
|
|
"value": "27.54.86.236"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59282a2c-34d8-4d9a-b750-4340950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:33:51.000Z",
|
|
|
|
"modified": "2017-05-26T13:33:51.000Z",
|
|
|
|
"pattern": "[url:value = 'http://praktikum-marketing.de/6gfh33']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-26T13:33:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59282a2d-794c-4cc5-ab19-493a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:33:51.000Z",
|
|
|
|
"modified": "2017-05-26T13:33:51.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'praktikum-marketing.de']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-26T13:33:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59282a2f-fdac-4630-bce3-40de950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:48:00.000Z",
|
|
|
|
"modified": "2017-05-26T13:48:00.000Z",
|
|
|
|
"first_observed": "2017-05-26T13:48:00Z",
|
|
|
|
"last_observed": "2017-05-26T13:48:00Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59282a2f-fdac-4630-bce3-40de950d210f",
|
|
|
|
"ipv4-addr--59282a2f-fdac-4630-bce3-40de950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59282a2f-fdac-4630-bce3-40de950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59282a2f-fdac-4630-bce3-40de950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59282a2f-fdac-4630-bce3-40de950d210f",
|
|
|
|
"value": "76.74.235.244"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59282a30-7b88-40a9-8fa9-47d2950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:33:51.000Z",
|
|
|
|
"modified": "2017-05-26T13:33:51.000Z",
|
|
|
|
"pattern": "[url:value = 'http://pw-shop.com/6gfh33']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-26T13:33:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59282a31-0e64-4e00-a9bc-4f7d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:33:51.000Z",
|
|
|
|
"modified": "2017-05-26T13:33:51.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'pw-shop.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-26T13:33:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59282a32-9854-4402-a645-4ed2950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:48:00.000Z",
|
|
|
|
"modified": "2017-05-26T13:48:00.000Z",
|
|
|
|
"first_observed": "2017-05-26T13:48:00Z",
|
|
|
|
"last_observed": "2017-05-26T13:48:00Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59282a32-9854-4402-a645-4ed2950d210f",
|
|
|
|
"ipv4-addr--59282a32-9854-4402-a645-4ed2950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59282a32-9854-4402-a645-4ed2950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59282a32-9854-4402-a645-4ed2950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59282a32-9854-4402-a645-4ed2950d210f",
|
|
|
|
"value": "93.170.136.50"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59282a32-36cc-4b99-86d2-4a15950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:33:51.000Z",
|
|
|
|
"modified": "2017-05-26T13:33:51.000Z",
|
|
|
|
"pattern": "[url:value = 'http://tasfirin-ustasi.net/6gfh33']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-26T13:33:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59282a33-b888-4322-a661-49b3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:33:51.000Z",
|
|
|
|
"modified": "2017-05-26T13:33:51.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'tasfirin-ustasi.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-26T13:33:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59282a34-3298-4f51-bc40-4356950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:48:00.000Z",
|
|
|
|
"modified": "2017-05-26T13:48:00.000Z",
|
|
|
|
"first_observed": "2017-05-26T13:48:00Z",
|
|
|
|
"last_observed": "2017-05-26T13:48:00Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59282a34-3298-4f51-bc40-4356950d210f",
|
|
|
|
"ipv4-addr--59282a34-3298-4f51-bc40-4356950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59282a34-3298-4f51-bc40-4356950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59282a34-3298-4f51-bc40-4356950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59282a34-3298-4f51-bc40-4356950d210f",
|
|
|
|
"value": "95.173.189.38"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59282a35-9d84-4cbd-97f0-4add950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:33:51.000Z",
|
|
|
|
"modified": "2017-05-26T13:33:51.000Z",
|
|
|
|
"pattern": "[url:value = 'http://thanprints.com/6gfh33']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-26T13:33:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59282a35-16a0-4f69-afcd-4c5a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:33:51.000Z",
|
|
|
|
"modified": "2017-05-26T13:33:51.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'thanprints.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-26T13:33:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59282a38-4f38-41a2-a02b-4a08950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:48:00.000Z",
|
|
|
|
"modified": "2017-05-26T13:48:00.000Z",
|
|
|
|
"first_observed": "2017-05-26T13:48:00Z",
|
|
|
|
"last_observed": "2017-05-26T13:48:00Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59282a38-4f38-41a2-a02b-4a08950d210f",
|
|
|
|
"ipv4-addr--59282a38-4f38-41a2-a02b-4a08950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59282a38-4f38-41a2-a02b-4a08950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59282a38-4f38-41a2-a02b-4a08950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59282a38-4f38-41a2-a02b-4a08950d210f",
|
|
|
|
"value": "61.19.251.181"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59282a38-da10-4718-b142-4035950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:33:51.000Z",
|
|
|
|
"modified": "2017-05-26T13:33:51.000Z",
|
|
|
|
"pattern": "[url:value = 'http://trade-unite.ru/6gfh33']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-26T13:33:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59282a39-61cc-4a85-a560-4331950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:33:51.000Z",
|
|
|
|
"modified": "2017-05-26T13:33:51.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'trade-unite.ru']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-26T13:33:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59282a3a-2578-4dfe-beb5-4011950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:48:00.000Z",
|
|
|
|
"modified": "2017-05-26T13:48:00.000Z",
|
|
|
|
"first_observed": "2017-05-26T13:48:00Z",
|
|
|
|
"last_observed": "2017-05-26T13:48:00Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59282a3a-2578-4dfe-beb5-4011950d210f",
|
|
|
|
"ipv4-addr--59282a3a-2578-4dfe-beb5-4011950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59282a3a-2578-4dfe-beb5-4011950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59282a3a-2578-4dfe-beb5-4011950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59282a3a-2578-4dfe-beb5-4011950d210f",
|
|
|
|
"value": "80.78.245.178"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59282a3b-5c34-492a-accc-4c3f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:33:51.000Z",
|
|
|
|
"modified": "2017-05-26T13:33:51.000Z",
|
|
|
|
"pattern": "[url:value = 'http://vigs.mx/6gfh33']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-26T13:33:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59282a3c-7528-4b92-bd56-41f4950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:33:51.000Z",
|
|
|
|
"modified": "2017-05-26T13:33:51.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'vigs.mx']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-26T13:33:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59282a3e-7e78-4d61-a42f-4b86950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:48:00.000Z",
|
|
|
|
"modified": "2017-05-26T13:48:00.000Z",
|
|
|
|
"first_observed": "2017-05-26T13:48:00Z",
|
|
|
|
"last_observed": "2017-05-26T13:48:00Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59282a3e-7e78-4d61-a42f-4b86950d210f",
|
|
|
|
"ipv4-addr--59282a3e-7e78-4d61-a42f-4b86950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59282a3e-7e78-4d61-a42f-4b86950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59282a3e-7e78-4d61-a42f-4b86950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59282a3e-7e78-4d61-a42f-4b86950d210f",
|
|
|
|
"value": "192.185.48.180"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59282a3f-1ae4-4fcf-bf7f-498f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:33:51.000Z",
|
|
|
|
"modified": "2017-05-26T13:33:51.000Z",
|
|
|
|
"pattern": "[url:value = 'http://www.buchenried.de/6gfh33']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-26T13:33:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59282a40-0b8c-4a97-b149-4a7f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:33:51.000Z",
|
|
|
|
"modified": "2017-05-26T13:33:51.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'www.buchenried.de']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-26T13:33:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59282a41-e010-49b9-8b50-4495950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:33:51.000Z",
|
|
|
|
"modified": "2017-05-26T13:33:51.000Z",
|
|
|
|
"pattern": "[url:value = 'http://youtoolgrabeertorse.org/af/6gfh33']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-26T13:33:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59282a41-6fec-4ac0-a04b-4178950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:33:51.000Z",
|
|
|
|
"modified": "2017-05-26T13:33:51.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'youtoolgrabeertorse.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-26T13:33:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59282a47-d4c4-4c25-b0a4-4723950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:33:51.000Z",
|
|
|
|
"modified": "2017-05-26T13:33:51.000Z",
|
|
|
|
"pattern": "[url:value = 'http://comboratiogferrdto.com/a5/']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-26T13:33:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59282a47-a674-4fc4-a581-4d5d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:33:51.000Z",
|
|
|
|
"modified": "2017-05-26T13:33:51.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'comboratiogferrdto.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-26T13:33:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59282a49-9c80-41e4-93da-4474950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:48:00.000Z",
|
|
|
|
"modified": "2017-05-26T13:48:00.000Z",
|
|
|
|
"first_observed": "2017-05-26T13:48:00Z",
|
|
|
|
"last_observed": "2017-05-26T13:48:00Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59282a49-9c80-41e4-93da-4474950d210f",
|
|
|
|
"ipv4-addr--59282a49-9c80-41e4-93da-4474950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59282a49-9c80-41e4-93da-4474950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59282a49-9c80-41e4-93da-4474950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59282a49-9c80-41e4-93da-4474950d210f",
|
|
|
|
"value": "46.173.218.145"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59282ed9-3cd8-4a48-b42a-406002de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:34:17.000Z",
|
|
|
|
"modified": "2017-05-26T13:34:17.000Z",
|
|
|
|
"description": "- Xchecked via VT: 6708cc80916e838a9bbed09c91854230",
|
|
|
|
"pattern": "[file:hashes.SHA256 = '375ba5457b0a8e0328f38e942dc16fa07e03e2b39571392c0f10f93031158d6f']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-26T13:34:17Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha256\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59282ed9-ad38-4ac8-ae12-46e502de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:34:17.000Z",
|
|
|
|
"modified": "2017-05-26T13:34:17.000Z",
|
|
|
|
"description": "- Xchecked via VT: 6708cc80916e838a9bbed09c91854230",
|
|
|
|
"pattern": "[file:hashes.SHA1 = 'd4b86429537c3b1d9e15e96a965166fc053efbd0']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-05-26T13:34:17Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"sha1\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59282eda-d98c-43d0-8c94-442002de0b81",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-05-26T13:34:17.000Z",
|
|
|
|
"modified": "2017-05-26T13:34:17.000Z",
|
|
|
|
"first_observed": "2017-05-26T13:34:17Z",
|
|
|
|
"last_observed": "2017-05-26T13:34:17Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--59282eda-d98c-43d0-8c94-442002de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"link\"",
|
|
|
|
"misp:category=\"External analysis\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
"id": "url--59282eda-d98c-43d0-8c94-442002de0b81",
"value": "https://www.virustotal.com/file/375ba5457b0a8e0328f38e942dc16fa07e03e2b39571392c0f10f93031158d6f/analysis/1495799038/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59282eda-fca4-4b2b-8583-444f02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:34:18.000Z",
"modified": "2017-05-26T13:34:18.000Z",
"description": "- Xchecked via VT: aace687d16706b05aa49c9b7fff7572b",
"pattern": "[file:hashes.SHA256 = '68c7b7d97fada3f558a54260491ffe1ce77add158f8a91c2599432f13718b807']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:34:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59282eda-05ac-46fe-882e-4c1202de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:34:18.000Z",
"modified": "2017-05-26T13:34:18.000Z",
"description": "- Xchecked via VT: aace687d16706b05aa49c9b7fff7572b",
"pattern": "[file:hashes.SHA1 = '124e4c77e52026c2de1a88be302c00a6db4f936b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-05-26T13:34:18Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59282edb-5dbc-4c23-9c2d-4fbd02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-05-26T13:34:19.000Z",
"modified": "2017-05-26T13:34:19.000Z",
"first_observed": "2017-05-26T13:34:19Z",
"last_observed": "2017-05-26T13:34:19Z",
"number_observed": 1,
"object_refs": [
"url--59282edb-5dbc-4c23-9c2d-4fbd02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59282edb-5dbc-4c23-9c2d-4fbd02de0b81",
"value": "https://www.virustotal.com/file/68c7b7d97fada3f558a54260491ffe1ce77add158f8a91c2599432f13718b807/analysis/1495798709/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}