2023-04-21 13:25:09 +00:00
|
|
|
{
|
2023-06-14 17:31:25 +00:00
|
|
|
"type": "bundle",
|
|
|
|
"id": "bundle--593a6d56-c9d4-44a5-af47-4b68950d210f",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T15:41:24.000Z",
|
|
|
|
"modified": "2017-06-09T15:41:24.000Z",
|
|
|
|
"name": "CIRCL",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--593a6d56-c9d4-44a5-af47-4b68950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T15:41:24.000Z",
|
|
|
|
"modified": "2017-06-09T15:41:24.000Z",
|
|
|
|
"name": "M2M - Jaff 2017-06-09 : missing subject - \"IMG_1234.ZIP\" / \"DOC_1234.docm\"",
|
|
|
|
"published": "2017-06-09T15:41:31Z",
|
|
|
|
"object_refs": [
|
|
|
|
"indicator--593a6d57-58fc-4226-b97d-4bcc950d210f",
|
|
|
|
"indicator--593a6d57-e1b8-45f5-9285-42bb950d210f",
|
|
|
|
"indicator--593a6d58-72ac-4fa3-ada6-4bb5950d210f",
|
|
|
|
"indicator--593a6d59-df44-4ffb-8489-424e950d210f",
|
|
|
|
"observed-data--593a6d59-b5ec-4157-a7a1-4389950d210f",
|
|
|
|
"network-traffic--593a6d59-b5ec-4157-a7a1-4389950d210f",
|
|
|
|
"ipv4-addr--593a6d59-b5ec-4157-a7a1-4389950d210f",
|
|
|
|
"indicator--593a6d5a-f8c4-4d08-b9a6-4204950d210f",
|
|
|
|
"indicator--593a6d5a-819c-4a3a-a629-4f85950d210f",
|
|
|
|
"observed-data--593a6d5b-a6c8-48e0-ba22-4204950d210f",
|
|
|
|
"network-traffic--593a6d5b-a6c8-48e0-ba22-4204950d210f",
|
|
|
|
"ipv4-addr--593a6d5b-a6c8-48e0-ba22-4204950d210f",
|
|
|
|
"indicator--593a6d5c-961c-4212-a8a4-4426950d210f",
|
|
|
|
"indicator--593a6d5c-795c-4892-b868-400e950d210f",
|
|
|
|
"observed-data--593a6d5d-47cc-43ec-b8a3-7db6950d210f",
|
|
|
|
"network-traffic--593a6d5d-47cc-43ec-b8a3-7db6950d210f",
|
|
|
|
"ipv4-addr--593a6d5d-47cc-43ec-b8a3-7db6950d210f",
|
|
|
|
"indicator--593a6d5e-c724-4953-9510-45fb950d210f",
|
|
|
|
"indicator--593a6d5e-0adc-486a-84ab-4b68950d210f",
|
|
|
|
"observed-data--593a6d5f-0cb8-4633-ae88-4ec7950d210f",
|
|
|
|
"network-traffic--593a6d5f-0cb8-4633-ae88-4ec7950d210f",
|
|
|
|
"ipv4-addr--593a6d5f-0cb8-4633-ae88-4ec7950d210f",
|
|
|
|
"indicator--593a6d5f-f310-415c-b8ed-44b6950d210f",
|
|
|
|
"indicator--593a6d60-fbec-4a5f-8a69-4b68950d210f",
|
|
|
|
"observed-data--593a6d60-e38c-4cf5-bf57-4bfe950d210f",
|
|
|
|
"network-traffic--593a6d60-e38c-4cf5-bf57-4bfe950d210f",
|
|
|
|
"ipv4-addr--593a6d60-e38c-4cf5-bf57-4bfe950d210f",
|
|
|
|
"indicator--593a6d61-5074-4db3-ad28-44f8950d210f",
|
|
|
|
"indicator--593a6d61-5f1c-4115-b961-46c6950d210f",
|
|
|
|
"observed-data--593a6d62-40c4-4568-b027-4174950d210f",
|
|
|
|
"network-traffic--593a6d62-40c4-4568-b027-4174950d210f",
|
|
|
|
"ipv4-addr--593a6d62-40c4-4568-b027-4174950d210f",
|
|
|
|
"indicator--593a6d63-0714-4916-8cb8-4ece950d210f",
|
|
|
|
"indicator--593a6d63-1f10-42ea-afce-49cf950d210f",
|
|
|
|
"observed-data--593a6d64-b1dc-4e1c-92ed-4625950d210f",
|
|
|
|
"network-traffic--593a6d64-b1dc-4e1c-92ed-4625950d210f",
|
|
|
|
"ipv4-addr--593a6d64-b1dc-4e1c-92ed-4625950d210f",
|
|
|
|
"indicator--593a6d65-0ad0-4d5c-b410-4f1e950d210f",
|
|
|
|
"indicator--593a6d66-7014-4fda-8360-4f0e950d210f",
|
|
|
|
"observed-data--593a6d66-4a40-4d97-b24b-4611950d210f",
|
|
|
|
"network-traffic--593a6d66-4a40-4d97-b24b-4611950d210f",
|
|
|
|
"ipv4-addr--593a6d66-4a40-4d97-b24b-4611950d210f",
|
|
|
|
"indicator--593a6d67-1280-48f3-af5a-4ed9950d210f",
|
|
|
|
"indicator--593a6d68-bcdc-44fe-841c-4891950d210f",
|
|
|
|
"observed-data--593a6d68-1c40-42d1-b850-7db6950d210f",
|
|
|
|
"network-traffic--593a6d68-1c40-42d1-b850-7db6950d210f",
|
|
|
|
"ipv4-addr--593a6d68-1c40-42d1-b850-7db6950d210f",
|
|
|
|
"indicator--593a6d69-aaa4-4362-a248-3089950d210f",
|
|
|
|
"indicator--593a6d69-2250-42e1-aed6-4b68950d210f",
|
|
|
|
"observed-data--593a6d6a-974c-41f7-a4ab-4e0e950d210f",
|
|
|
|
"network-traffic--593a6d6a-974c-41f7-a4ab-4e0e950d210f",
|
|
|
|
"ipv4-addr--593a6d6a-974c-41f7-a4ab-4e0e950d210f",
|
|
|
|
"indicator--593a6d6b-1108-4e8b-8341-463c950d210f",
|
|
|
|
"indicator--593a6d6b-0338-44c4-8012-4d9e950d210f",
|
|
|
|
"observed-data--593a6d6c-38cc-45f4-bbff-41c7950d210f",
|
|
|
|
"network-traffic--593a6d6c-38cc-45f4-bbff-41c7950d210f",
|
|
|
|
"ipv4-addr--593a6d6c-38cc-45f4-bbff-41c7950d210f",
|
|
|
|
"indicator--593a6d6d-a2b0-4d35-94e6-4eda950d210f",
|
|
|
|
"indicator--593a6d6d-f494-4c87-b2fb-4faf950d210f",
|
|
|
|
"observed-data--593a6d6e-30b0-4a36-a0f7-4eb7950d210f",
|
|
|
|
"network-traffic--593a6d6e-30b0-4a36-a0f7-4eb7950d210f",
|
|
|
|
"ipv4-addr--593a6d6e-30b0-4a36-a0f7-4eb7950d210f",
|
|
|
|
"indicator--593a6d6f-8d28-43fb-9cbe-42bb950d210f",
|
|
|
|
"indicator--593a6d6f-7a04-4c12-aff4-4800950d210f",
|
|
|
|
"observed-data--593a6d70-fc30-4695-94ac-4bfe950d210f",
|
|
|
|
"network-traffic--593a6d70-fc30-4695-94ac-4bfe950d210f",
|
|
|
|
"ipv4-addr--593a6d70-fc30-4695-94ac-4bfe950d210f",
|
|
|
|
"indicator--593a6d71-43b0-4df2-97e9-4987950d210f",
|
|
|
|
"indicator--593a6d71-c848-4aff-952a-43cb950d210f",
|
|
|
|
"observed-data--593a6d72-f048-44bb-8ead-4204950d210f",
|
|
|
|
"network-traffic--593a6d72-f048-44bb-8ead-4204950d210f",
|
|
|
|
"ipv4-addr--593a6d72-f048-44bb-8ead-4204950d210f",
|
|
|
|
"indicator--593a6d72-fcf4-4be5-a24f-4b68950d210f",
|
|
|
|
"indicator--593a6d73-b018-41dc-9df7-4009950d210f",
|
|
|
|
"observed-data--593a6d74-500c-48ff-8a55-4b68950d210f",
|
|
|
|
"network-traffic--593a6d74-500c-48ff-8a55-4b68950d210f",
|
|
|
|
"ipv4-addr--593a6d74-500c-48ff-8a55-4b68950d210f",
|
|
|
|
"indicator--593a6d74-aad4-47ad-a791-4304950d210f",
|
|
|
|
"indicator--593a6d75-5e60-41af-b1cc-4bfe950d210f",
|
|
|
|
"observed-data--593a6d78-a008-4bb5-8e8e-4bfe950d210f",
|
|
|
|
"network-traffic--593a6d78-a008-4bb5-8e8e-4bfe950d210f",
|
|
|
|
"ipv4-addr--593a6d78-a008-4bb5-8e8e-4bfe950d210f",
|
|
|
|
"indicator--593a6d79-f5d4-4538-8b78-429f950d210f",
|
|
|
|
"indicator--593a6d7a-8c20-4465-8abf-4204950d210f",
|
|
|
|
"observed-data--593a6d7b-7cac-460d-b525-465c950d210f",
|
|
|
|
"network-traffic--593a6d7b-7cac-460d-b525-465c950d210f",
|
|
|
|
"ipv4-addr--593a6d7b-7cac-460d-b525-465c950d210f",
|
|
|
|
"indicator--593a6d7b-0688-4c58-bc14-4843950d210f",
|
|
|
|
"indicator--593a6d7c-62a8-4a9b-b12c-4b68950d210f",
|
|
|
|
"observed-data--593a6d7d-8934-4e26-af72-46d0950d210f",
|
|
|
|
"network-traffic--593a6d7d-8934-4e26-af72-46d0950d210f",
|
|
|
|
"ipv4-addr--593a6d7d-8934-4e26-af72-46d0950d210f",
|
|
|
|
"indicator--593a6d7d-b0ec-449d-8ebf-47f6950d210f",
|
|
|
|
"indicator--593a6d7e-c974-409d-b9c7-3089950d210f",
|
|
|
|
"observed-data--593a6d7f-4bd8-42f9-b909-4204950d210f",
|
|
|
|
"network-traffic--593a6d7f-4bd8-42f9-b909-4204950d210f",
|
|
|
|
"ipv4-addr--593a6d7f-4bd8-42f9-b909-4204950d210f",
|
|
|
|
"indicator--593a6d7f-4358-42d3-8aaf-420f950d210f",
|
|
|
|
"indicator--593a6d80-c7b8-4aaf-b9f4-49b6950d210f",
|
|
|
|
"observed-data--593a6d81-bbb4-4c6c-be7b-446a950d210f",
|
|
|
|
"network-traffic--593a6d81-bbb4-4c6c-be7b-446a950d210f",
|
|
|
|
"ipv4-addr--593a6d81-bbb4-4c6c-be7b-446a950d210f",
|
|
|
|
"indicator--593a6d81-0eb8-469c-93d6-4e9f950d210f",
|
|
|
|
"indicator--593a6d82-2ad0-4d99-b9c7-4bfe950d210f",
|
|
|
|
"observed-data--593a6d83-e750-4e7a-a81d-4452950d210f",
|
|
|
|
"network-traffic--593a6d83-e750-4e7a-a81d-4452950d210f",
|
|
|
|
"ipv4-addr--593a6d83-e750-4e7a-a81d-4452950d210f",
|
|
|
|
"indicator--593a6d84-fb54-450b-b3c2-420d950d210f",
|
|
|
|
"indicator--593a6d84-fff4-4e07-9a3d-43ed950d210f",
|
|
|
|
"observed-data--593a6d85-ebc4-4163-8e20-421e950d210f",
|
|
|
|
"network-traffic--593a6d85-ebc4-4163-8e20-421e950d210f",
|
|
|
|
"ipv4-addr--593a6d85-ebc4-4163-8e20-421e950d210f",
|
|
|
|
"indicator--593a6d85-5b50-4710-bdd9-45d4950d210f",
|
|
|
|
"indicator--593a6d86-f1d8-48e2-9bbb-3089950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"ecsirt:malicious-code=\"ransomware\"",
|
|
|
|
"misp-galaxy:ransomware=\"Jaff\""
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d57-58fc-4226-b97d-4bcc950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:41:43.000Z",
|
|
|
|
"modified": "2017-06-09T09:41:43.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'a810aa0c0f88929f805056a2b75956c4']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:41:43Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d57-e1b8-45f5-9285-42bb950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:41:43.000Z",
|
|
|
|
"modified": "2017-06-09T09:41:43.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'a6be6ea02acd9138578cae3ef408cbe7']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:41:43Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d58-72ac-4fa3-ada6-4bb5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:41:44.000Z",
|
|
|
|
"modified": "2017-06-09T09:41:44.000Z",
|
|
|
|
"pattern": "[url:value = 'http://7prisms.com/0hbtyHG']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:41:44Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d59-df44-4ffb-8489-424e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:41:45.000Z",
|
|
|
|
"modified": "2017-06-09T09:41:45.000Z",
|
|
|
|
"pattern": "[domain-name:value = '7prisms.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:41:45Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593a6d59-b5ec-4157-a7a1-4389950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:41:45.000Z",
|
|
|
|
"modified": "2017-06-09T09:41:45.000Z",
|
|
|
|
"first_observed": "2017-06-09T09:41:45Z",
|
|
|
|
"last_observed": "2017-06-09T09:41:45Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593a6d59-b5ec-4157-a7a1-4389950d210f",
|
|
|
|
"ipv4-addr--593a6d59-b5ec-4157-a7a1-4389950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593a6d59-b5ec-4157-a7a1-4389950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593a6d59-b5ec-4157-a7a1-4389950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593a6d59-b5ec-4157-a7a1-4389950d210f",
|
|
|
|
"value": "70.40.221.121"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d5a-f8c4-4d08-b9a6-4204950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:41:46.000Z",
|
|
|
|
"modified": "2017-06-09T09:41:46.000Z",
|
|
|
|
"pattern": "[url:value = 'http://adjlegal.com/0hbtyHG']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:41:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d5a-819c-4a3a-a629-4f85950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:41:46.000Z",
|
|
|
|
"modified": "2017-06-09T09:41:46.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'adjlegal.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:41:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593a6d5b-a6c8-48e0-ba22-4204950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:41:47.000Z",
|
|
|
|
"modified": "2017-06-09T09:41:47.000Z",
|
|
|
|
"first_observed": "2017-06-09T09:41:47Z",
|
|
|
|
"last_observed": "2017-06-09T09:41:47Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593a6d5b-a6c8-48e0-ba22-4204950d210f",
|
|
|
|
"ipv4-addr--593a6d5b-a6c8-48e0-ba22-4204950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593a6d5b-a6c8-48e0-ba22-4204950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593a6d5b-a6c8-48e0-ba22-4204950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593a6d5b-a6c8-48e0-ba22-4204950d210f",
|
|
|
|
"value": "162.222.226.195"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d5c-961c-4212-a8a4-4426950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:41:48.000Z",
|
|
|
|
"modified": "2017-06-09T09:41:48.000Z",
|
|
|
|
"pattern": "[url:value = 'http://akira-sushi34.ru/0hbtyHG']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:41:48Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d5c-795c-4892-b868-400e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:41:48.000Z",
|
|
|
|
"modified": "2017-06-09T09:41:48.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'akira-sushi34.ru']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:41:48Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593a6d5d-47cc-43ec-b8a3-7db6950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:41:49.000Z",
|
|
|
|
"modified": "2017-06-09T09:41:49.000Z",
|
|
|
|
"first_observed": "2017-06-09T09:41:49Z",
|
|
|
|
"last_observed": "2017-06-09T09:41:49Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593a6d5d-47cc-43ec-b8a3-7db6950d210f",
|
|
|
|
"ipv4-addr--593a6d5d-47cc-43ec-b8a3-7db6950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593a6d5d-47cc-43ec-b8a3-7db6950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593a6d5d-47cc-43ec-b8a3-7db6950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593a6d5d-47cc-43ec-b8a3-7db6950d210f",
|
|
|
|
"value": "141.8.194.135"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d5e-c724-4953-9510-45fb950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:41:50.000Z",
|
|
|
|
"modified": "2017-06-09T09:41:50.000Z",
|
|
|
|
"pattern": "[url:value = 'http://assuresolutions.in/0hbtyHG']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:41:50Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d5e-0adc-486a-84ab-4b68950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:41:50.000Z",
|
|
|
|
"modified": "2017-06-09T09:41:50.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'assuresolutions.in']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:41:50Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593a6d5f-0cb8-4633-ae88-4ec7950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:41:51.000Z",
|
|
|
|
"modified": "2017-06-09T09:41:51.000Z",
|
|
|
|
"first_observed": "2017-06-09T09:41:51Z",
|
|
|
|
"last_observed": "2017-06-09T09:41:51Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593a6d5f-0cb8-4633-ae88-4ec7950d210f",
|
|
|
|
"ipv4-addr--593a6d5f-0cb8-4633-ae88-4ec7950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593a6d5f-0cb8-4633-ae88-4ec7950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593a6d5f-0cb8-4633-ae88-4ec7950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593a6d5f-0cb8-4633-ae88-4ec7950d210f",
|
|
|
|
"value": "209.99.16.227"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d5f-f310-415c-b8ed-44b6950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:41:51.000Z",
|
|
|
|
"modified": "2017-06-09T09:41:51.000Z",
|
|
|
|
"pattern": "[url:value = 'http://charlenelouw.co.za/0hbtyHG']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:41:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d60-fbec-4a5f-8a69-4b68950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:41:52.000Z",
|
|
|
|
"modified": "2017-06-09T09:41:52.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'charlenelouw.co.za']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:41:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593a6d60-e38c-4cf5-bf57-4bfe950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:41:52.000Z",
|
|
|
|
"modified": "2017-06-09T09:41:52.000Z",
|
|
|
|
"first_observed": "2017-06-09T09:41:52Z",
|
|
|
|
"last_observed": "2017-06-09T09:41:52Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593a6d60-e38c-4cf5-bf57-4bfe950d210f",
|
|
|
|
"ipv4-addr--593a6d60-e38c-4cf5-bf57-4bfe950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593a6d60-e38c-4cf5-bf57-4bfe950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593a6d60-e38c-4cf5-bf57-4bfe950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593a6d60-e38c-4cf5-bf57-4bfe950d210f",
|
|
|
|
"value": "196.46.186.187"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d61-5074-4db3-ad28-44f8950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:41:53.000Z",
|
|
|
|
"modified": "2017-06-09T09:41:53.000Z",
|
|
|
|
"pattern": "[url:value = 'http://coregroupindia.co.in/0hbtyHG']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:41:53Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d61-5f1c-4115-b961-46c6950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:41:53.000Z",
|
|
|
|
"modified": "2017-06-09T09:41:53.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'coregroupindia.co.in']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:41:53Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593a6d62-40c4-4568-b027-4174950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:41:54.000Z",
|
|
|
|
"modified": "2017-06-09T09:41:54.000Z",
|
|
|
|
"first_observed": "2017-06-09T09:41:54Z",
|
|
|
|
"last_observed": "2017-06-09T09:41:54Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593a6d62-40c4-4568-b027-4174950d210f",
|
|
|
|
"ipv4-addr--593a6d62-40c4-4568-b027-4174950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593a6d62-40c4-4568-b027-4174950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593a6d62-40c4-4568-b027-4174950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593a6d62-40c4-4568-b027-4174950d210f",
|
|
|
|
"value": "199.79.62.121"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d63-0714-4916-8cb8-4ece950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:41:55.000Z",
|
|
|
|
"modified": "2017-06-09T09:41:55.000Z",
|
|
|
|
"pattern": "[url:value = 'http://e67tfgc4uybfbnfmd.org/af/0hbtyHG']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:41:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d63-1f10-42ea-afce-49cf950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:41:55.000Z",
|
|
|
|
"modified": "2017-06-09T09:41:55.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'e67tfgc4uybfbnfmd.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:41:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593a6d64-b1dc-4e1c-92ed-4625950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:41:56.000Z",
|
|
|
|
"modified": "2017-06-09T09:41:56.000Z",
|
|
|
|
"first_observed": "2017-06-09T09:41:56Z",
|
|
|
|
"last_observed": "2017-06-09T09:41:56Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593a6d64-b1dc-4e1c-92ed-4625950d210f",
|
|
|
|
"ipv4-addr--593a6d64-b1dc-4e1c-92ed-4625950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593a6d64-b1dc-4e1c-92ed-4625950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593a6d64-b1dc-4e1c-92ed-4625950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593a6d64-b1dc-4e1c-92ed-4625950d210f",
|
|
|
|
"value": "119.28.85.128"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d65-0ad0-4d5c-b410-4f1e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:41:57.000Z",
|
|
|
|
"modified": "2017-06-09T09:41:57.000Z",
|
|
|
|
"pattern": "[url:value = 'http://gidrowash.ru/0hbtyHG']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:41:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d66-7014-4fda-8360-4f0e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:41:58.000Z",
|
|
|
|
"modified": "2017-06-09T09:41:58.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'gidrowash.ru']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:41:58Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593a6d66-4a40-4d97-b24b-4611950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:41:58.000Z",
|
|
|
|
"modified": "2017-06-09T09:41:58.000Z",
|
|
|
|
"first_observed": "2017-06-09T09:41:58Z",
|
|
|
|
"last_observed": "2017-06-09T09:41:58Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593a6d66-4a40-4d97-b24b-4611950d210f",
|
|
|
|
"ipv4-addr--593a6d66-4a40-4d97-b24b-4611950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593a6d66-4a40-4d97-b24b-4611950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593a6d66-4a40-4d97-b24b-4611950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593a6d66-4a40-4d97-b24b-4611950d210f",
|
|
|
|
"value": "151.248.113.29"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d67-1280-48f3-af5a-4ed9950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:41:59.000Z",
|
|
|
|
"modified": "2017-06-09T09:41:59.000Z",
|
|
|
|
"pattern": "[url:value = 'http://matbaa.be/0hbtyHG']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:41:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d68-bcdc-44fe-841c-4891950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:42:00.000Z",
|
|
|
|
"modified": "2017-06-09T09:42:00.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'matbaa.be']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:42:00Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593a6d68-1c40-42d1-b850-7db6950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:42:00.000Z",
|
|
|
|
"modified": "2017-06-09T09:42:00.000Z",
|
|
|
|
"first_observed": "2017-06-09T09:42:00Z",
|
|
|
|
"last_observed": "2017-06-09T09:42:00Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593a6d68-1c40-42d1-b850-7db6950d210f",
|
|
|
|
"ipv4-addr--593a6d68-1c40-42d1-b850-7db6950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593a6d68-1c40-42d1-b850-7db6950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593a6d68-1c40-42d1-b850-7db6950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593a6d68-1c40-42d1-b850-7db6950d210f",
|
|
|
|
"value": "185.158.165.13"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d69-aaa4-4362-a248-3089950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:42:01.000Z",
|
|
|
|
"modified": "2017-06-09T09:42:01.000Z",
|
|
|
|
"pattern": "[url:value = 'http://mercobel.be/0hbtyHG']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:42:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d69-2250-42e1-aed6-4b68950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:42:01.000Z",
|
|
|
|
"modified": "2017-06-09T09:42:01.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'mercobel.be']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:42:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593a6d6a-974c-41f7-a4ab-4e0e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:42:02.000Z",
|
|
|
|
"modified": "2017-06-09T09:42:02.000Z",
|
|
|
|
"first_observed": "2017-06-09T09:42:02Z",
|
|
|
|
"last_observed": "2017-06-09T09:42:02Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593a6d6a-974c-41f7-a4ab-4e0e950d210f",
|
|
|
|
"ipv4-addr--593a6d6a-974c-41f7-a4ab-4e0e950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593a6d6a-974c-41f7-a4ab-4e0e950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593a6d6a-974c-41f7-a4ab-4e0e950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593a6d6a-974c-41f7-a4ab-4e0e950d210f",
|
|
|
|
"value": "37.97.228.171"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d6b-1108-4e8b-8341-463c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:42:03.000Z",
|
|
|
|
"modified": "2017-06-09T09:42:03.000Z",
|
|
|
|
"pattern": "[url:value = 'http://missangel.org/0hbtyHG']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:42:03Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d6b-0338-44c4-8012-4d9e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:42:03.000Z",
|
|
|
|
"modified": "2017-06-09T09:42:03.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'missangel.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:42:03Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593a6d6c-38cc-45f4-bbff-41c7950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:42:04.000Z",
|
|
|
|
"modified": "2017-06-09T09:42:04.000Z",
|
|
|
|
"first_observed": "2017-06-09T09:42:04Z",
|
|
|
|
"last_observed": "2017-06-09T09:42:04Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593a6d6c-38cc-45f4-bbff-41c7950d210f",
|
|
|
|
"ipv4-addr--593a6d6c-38cc-45f4-bbff-41c7950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593a6d6c-38cc-45f4-bbff-41c7950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593a6d6c-38cc-45f4-bbff-41c7950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593a6d6c-38cc-45f4-bbff-41c7950d210f",
|
|
|
|
"value": "111.118.215.77"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d6d-a2b0-4d35-94e6-4eda950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:42:05.000Z",
|
|
|
|
"modified": "2017-06-09T09:42:05.000Z",
|
|
|
|
"pattern": "[url:value = 'http://msbn.net/0hbtyHG']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:42:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d6d-f494-4c87-b2fb-4faf950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:42:05.000Z",
|
|
|
|
"modified": "2017-06-09T09:42:05.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'msbn.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:42:05Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593a6d6e-30b0-4a36-a0f7-4eb7950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:42:06.000Z",
|
|
|
|
"modified": "2017-06-09T09:42:06.000Z",
|
|
|
|
"first_observed": "2017-06-09T09:42:06Z",
|
|
|
|
"last_observed": "2017-06-09T09:42:06Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593a6d6e-30b0-4a36-a0f7-4eb7950d210f",
|
|
|
|
"ipv4-addr--593a6d6e-30b0-4a36-a0f7-4eb7950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593a6d6e-30b0-4a36-a0f7-4eb7950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593a6d6e-30b0-4a36-a0f7-4eb7950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593a6d6e-30b0-4a36-a0f7-4eb7950d210f",
|
|
|
|
"value": "69.64.147.34"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d6f-8d28-43fb-9cbe-42bb950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:42:07.000Z",
|
|
|
|
"modified": "2017-06-09T09:42:07.000Z",
|
|
|
|
"pattern": "[url:value = 'http://mscomunicacion.com.mx/0hbtyHG']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:42:07Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d6f-7a04-4c12-aff4-4800950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:42:07.000Z",
|
|
|
|
"modified": "2017-06-09T09:42:07.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'mscomunicacion.com.mx']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:42:07Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593a6d70-fc30-4695-94ac-4bfe950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:42:08.000Z",
|
|
|
|
"modified": "2017-06-09T09:42:08.000Z",
|
|
|
|
"first_observed": "2017-06-09T09:42:08Z",
|
|
|
|
"last_observed": "2017-06-09T09:42:08Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593a6d70-fc30-4695-94ac-4bfe950d210f",
|
|
|
|
"ipv4-addr--593a6d70-fc30-4695-94ac-4bfe950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593a6d70-fc30-4695-94ac-4bfe950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593a6d70-fc30-4695-94ac-4bfe950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593a6d70-fc30-4695-94ac-4bfe950d210f",
|
|
|
|
"value": "173.254.28.87"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d71-43b0-4df2-97e9-4987950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:42:09.000Z",
|
|
|
|
"modified": "2017-06-09T09:42:09.000Z",
|
|
|
|
"pattern": "[url:value = 'http://seminator.de/0hbtyHG']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:42:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d71-c848-4aff-952a-43cb950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:42:09.000Z",
|
|
|
|
"modified": "2017-06-09T09:42:09.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'seminator.de']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:42:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593a6d72-f048-44bb-8ead-4204950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:42:10.000Z",
|
|
|
|
"modified": "2017-06-09T09:42:10.000Z",
|
|
|
|
"first_observed": "2017-06-09T09:42:10Z",
|
|
|
|
"last_observed": "2017-06-09T09:42:10Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593a6d72-f048-44bb-8ead-4204950d210f",
|
|
|
|
"ipv4-addr--593a6d72-f048-44bb-8ead-4204950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593a6d72-f048-44bb-8ead-4204950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593a6d72-f048-44bb-8ead-4204950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593a6d72-f048-44bb-8ead-4204950d210f",
|
|
|
|
"value": "81.169.145.94"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d72-fcf4-4be5-a24f-4b68950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:42:10.000Z",
|
|
|
|
"modified": "2017-06-09T09:42:10.000Z",
|
|
|
|
"pattern": "[url:value = 'http://sevsem.biz/0hbtyHG']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:42:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d73-b018-41dc-9df7-4009950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:42:11.000Z",
|
|
|
|
"modified": "2017-06-09T09:42:11.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'sevsem.biz']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:42:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593a6d74-500c-48ff-8a55-4b68950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:42:12.000Z",
|
|
|
|
"modified": "2017-06-09T09:42:12.000Z",
|
|
|
|
"first_observed": "2017-06-09T09:42:12Z",
|
|
|
|
"last_observed": "2017-06-09T09:42:12Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593a6d74-500c-48ff-8a55-4b68950d210f",
|
|
|
|
"ipv4-addr--593a6d74-500c-48ff-8a55-4b68950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593a6d74-500c-48ff-8a55-4b68950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593a6d74-500c-48ff-8a55-4b68950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593a6d74-500c-48ff-8a55-4b68950d210f",
|
|
|
|
"value": "46.29.160.48"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d74-aad4-47ad-a791-4304950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:42:12.000Z",
|
|
|
|
"modified": "2017-06-09T09:42:12.000Z",
|
|
|
|
"pattern": "[url:value = 'http://speaklifegreetings.com/0hbtyHG']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:42:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d75-5e60-41af-b1cc-4bfe950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:42:13.000Z",
|
|
|
|
"modified": "2017-06-09T09:42:13.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'speaklifegreetings.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:42:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593a6d78-a008-4bb5-8e8e-4bfe950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:42:16.000Z",
|
|
|
|
"modified": "2017-06-09T09:42:16.000Z",
|
|
|
|
"first_observed": "2017-06-09T09:42:16Z",
|
|
|
|
"last_observed": "2017-06-09T09:42:16Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593a6d78-a008-4bb5-8e8e-4bfe950d210f",
|
|
|
|
"ipv4-addr--593a6d78-a008-4bb5-8e8e-4bfe950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593a6d78-a008-4bb5-8e8e-4bfe950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593a6d78-a008-4bb5-8e8e-4bfe950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593a6d78-a008-4bb5-8e8e-4bfe950d210f",
|
|
|
|
"value": "174.127.105.121"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d79-f5d4-4538-8b78-429f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:42:17.000Z",
|
|
|
|
"modified": "2017-06-09T09:42:17.000Z",
|
|
|
|
"pattern": "[url:value = 'http://sportsandsocialchange.org/0hbtyHG']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:42:17Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d7a-8c20-4465-8abf-4204950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:42:18.000Z",
|
|
|
|
"modified": "2017-06-09T09:42:18.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'sportsandsocialchange.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:42:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593a6d7b-7cac-460d-b525-465c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:42:19.000Z",
|
|
|
|
"modified": "2017-06-09T09:42:19.000Z",
|
|
|
|
"first_observed": "2017-06-09T09:42:19Z",
|
|
|
|
"last_observed": "2017-06-09T09:42:19Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593a6d7b-7cac-460d-b525-465c950d210f",
|
|
|
|
"ipv4-addr--593a6d7b-7cac-460d-b525-465c950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593a6d7b-7cac-460d-b525-465c950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593a6d7b-7cac-460d-b525-465c950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593a6d7b-7cac-460d-b525-465c950d210f",
|
|
|
|
"value": "192.185.5.128"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d7b-0688-4c58-bc14-4843950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:42:19.000Z",
|
|
|
|
"modified": "2017-06-09T09:42:19.000Z",
|
|
|
|
"pattern": "[url:value = 'http://stock-fallimenti.com/0hbtyHG']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:42:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d7c-62a8-4a9b-b12c-4b68950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:42:20.000Z",
|
|
|
|
"modified": "2017-06-09T09:42:20.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'stock-fallimenti.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:42:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593a6d7d-8934-4e26-af72-46d0950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:42:21.000Z",
|
|
|
|
"modified": "2017-06-09T09:42:21.000Z",
|
|
|
|
"first_observed": "2017-06-09T09:42:21Z",
|
|
|
|
"last_observed": "2017-06-09T09:42:21Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593a6d7d-8934-4e26-af72-46d0950d210f",
|
|
|
|
"ipv4-addr--593a6d7d-8934-4e26-af72-46d0950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593a6d7d-8934-4e26-af72-46d0950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593a6d7d-8934-4e26-af72-46d0950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593a6d7d-8934-4e26-af72-46d0950d210f",
|
|
|
|
"value": "213.32.71.234"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d7d-b0ec-449d-8ebf-47f6950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:42:21.000Z",
|
|
|
|
"modified": "2017-06-09T09:42:21.000Z",
|
|
|
|
"pattern": "[url:value = 'http://xp.com.sg/0hbtyHG']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:42:21Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d7e-c974-409d-b9c7-3089950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:42:22.000Z",
|
|
|
|
"modified": "2017-06-09T09:42:22.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'xp.com.sg']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:42:22Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593a6d7f-4bd8-42f9-b909-4204950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:42:23.000Z",
|
|
|
|
"modified": "2017-06-09T09:42:23.000Z",
|
|
|
|
"first_observed": "2017-06-09T09:42:23Z",
|
|
|
|
"last_observed": "2017-06-09T09:42:23Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593a6d7f-4bd8-42f9-b909-4204950d210f",
|
|
|
|
"ipv4-addr--593a6d7f-4bd8-42f9-b909-4204950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593a6d7f-4bd8-42f9-b909-4204950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593a6d7f-4bd8-42f9-b909-4204950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593a6d7f-4bd8-42f9-b909-4204950d210f",
|
|
|
|
"value": "198.252.98.191"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d7f-4358-42d3-8aaf-420f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:42:23.000Z",
|
|
|
|
"modified": "2017-06-09T09:42:23.000Z",
|
|
|
|
"pattern": "[url:value = 'http://yesman.me/0hbtyHG']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:42:23Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d80-c7b8-4aaf-b9f4-49b6950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:42:24.000Z",
|
|
|
|
"modified": "2017-06-09T09:42:24.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'yesman.me']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:42:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593a6d81-bbb4-4c6c-be7b-446a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:42:25.000Z",
|
|
|
|
"modified": "2017-06-09T09:42:25.000Z",
|
|
|
|
"first_observed": "2017-06-09T09:42:25Z",
|
|
|
|
"last_observed": "2017-06-09T09:42:25Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593a6d81-bbb4-4c6c-be7b-446a950d210f",
|
|
|
|
"ipv4-addr--593a6d81-bbb4-4c6c-be7b-446a950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593a6d81-bbb4-4c6c-be7b-446a950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593a6d81-bbb4-4c6c-be7b-446a950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593a6d81-bbb4-4c6c-be7b-446a950d210f",
|
|
|
|
"value": "103.254.148.134"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d81-0eb8-469c-93d6-4e9f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:42:25.000Z",
|
|
|
|
"modified": "2017-06-09T09:42:25.000Z",
|
|
|
|
"pattern": "[url:value = 'http://zeshta.com/0hbtyHG']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:42:25Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d82-2ad0-4d99-b9c7-4bfe950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:42:26.000Z",
|
|
|
|
"modified": "2017-06-09T09:42:26.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'zeshta.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:42:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593a6d83-e750-4e7a-a81d-4452950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:42:27.000Z",
|
|
|
|
"modified": "2017-06-09T09:42:27.000Z",
|
|
|
|
"first_observed": "2017-06-09T09:42:27Z",
|
|
|
|
"last_observed": "2017-06-09T09:42:27Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593a6d83-e750-4e7a-a81d-4452950d210f",
|
|
|
|
"ipv4-addr--593a6d83-e750-4e7a-a81d-4452950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593a6d83-e750-4e7a-a81d-4452950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593a6d83-e750-4e7a-a81d-4452950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593a6d83-e750-4e7a-a81d-4452950d210f",
|
|
|
|
"value": "103.21.59.169"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d84-fb54-450b-b3c2-420d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:42:28.000Z",
|
|
|
|
"modified": "2017-06-09T09:42:28.000Z",
|
|
|
|
"pattern": "[url:value = 'http://zonnit.com/0hbtyHG']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:42:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d84-fff4-4e07-9a3d-43ed950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:42:28.000Z",
|
|
|
|
"modified": "2017-06-09T09:42:28.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'zonnit.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:42:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593a6d85-ebc4-4163-8e20-421e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:42:29.000Z",
|
|
|
|
"modified": "2017-06-09T09:42:29.000Z",
|
|
|
|
"first_observed": "2017-06-09T09:42:29Z",
|
|
|
|
"last_observed": "2017-06-09T09:42:29Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593a6d85-ebc4-4163-8e20-421e950d210f",
|
|
|
|
"ipv4-addr--593a6d85-ebc4-4163-8e20-421e950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593a6d85-ebc4-4163-8e20-421e950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593a6d85-ebc4-4163-8e20-421e950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593a6d85-ebc4-4163-8e20-421e950d210f",
|
|
|
|
"value": "23.229.221.200"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d85-5b50-4710-bdd9-45d4950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:42:29.000Z",
|
|
|
|
"modified": "2017-06-09T09:42:29.000Z",
|
|
|
|
"pattern": "[url:value = 'http://brookstecholiggronm.net/a5/']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:42:29Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593a6d86-f1d8-48e2-9bbb-3089950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-09T09:42:30.000Z",
|
|
|
|
"modified": "2017-06-09T09:42:30.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'brookstecholiggronm.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-09T09:42:30Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "marking-definition",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
|
|
"definition_type": "tlp",
|
|
|
|
"name": "TLP:WHITE",
|
|
|
|
"definition": {
|
|
|
|
"tlp": "white"
|
|
|
|
}
|
|
|
|
}
|
2023-04-21 13:25:09 +00:00
|
|
|
]
|
|
|
|
}
|