{
"type": "bundle",
|
|
|
|
"id": "bundle--593fe37d-e2e4-49e7-9f18-5726950d210f",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-15T08:44:01.000Z",
|
|
|
|
"modified": "2017-06-15T08:44:01.000Z",
|
|
|
|
"name": "CIRCL",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--593fe37d-e2e4-49e7-9f18-5726950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-15T08:44:01.000Z",
|
|
|
|
"modified": "2017-06-15T08:44:01.000Z",
|
|
|
|
"name": "M2M - Jaff 2017-06-13 : \"Invoice PIS1234567.zip\"",
|
|
|
|
"published": "2017-06-15T08:44:21Z",
|
|
|
|
"object_refs": [
|
|
|
|
"indicator--593fe37e-a62c-4e14-9cdc-abb8950d210f",
|
|
|
|
"indicator--593fe37e-f368-4171-a66f-a9ed950d210f",
|
|
|
|
"indicator--593fe37f-78c0-4a71-b8b0-a8ae950d210f",
|
|
|
|
"indicator--593fe37f-18f0-4b4d-ae8f-ab19950d210f",
|
|
|
|
"observed-data--593fe382-e720-4886-a71d-a84d950d210f",
|
|
|
|
"network-traffic--593fe382-e720-4886-a71d-a84d950d210f",
|
|
|
|
"ipv4-addr--593fe382-e720-4886-a71d-a84d950d210f",
|
|
|
|
"indicator--593fe383-7ca4-4e81-aba2-a9ed950d210f",
|
|
|
|
"indicator--593fe383-a954-4cef-bf1e-573c950d210f",
|
|
|
|
"observed-data--593fe387-6b60-45d5-ba59-aa2d950d210f",
|
|
|
|
"network-traffic--593fe387-6b60-45d5-ba59-aa2d950d210f",
|
|
|
|
"ipv4-addr--593fe387-6b60-45d5-ba59-aa2d950d210f",
|
|
|
|
"indicator--593fe387-ad24-4da8-a2fd-a84d950d210f",
|
|
|
|
"indicator--593fe388-dbc4-4ede-b59e-a9ed950d210f",
|
|
|
|
"observed-data--593fe389-fce4-4e1d-a112-5726950d210f",
|
|
|
|
"network-traffic--593fe389-fce4-4e1d-a112-5726950d210f",
|
|
|
|
"ipv4-addr--593fe389-fce4-4e1d-a112-5726950d210f",
|
|
|
|
"indicator--593fe389-6254-4aa3-b013-45ef950d210f",
|
|
|
|
"indicator--593fe38a-44a4-4f47-8434-44b3950d210f",
|
|
|
|
"observed-data--593fe38a-7224-47be-b33a-aa2d950d210f",
|
|
|
|
"network-traffic--593fe38a-7224-47be-b33a-aa2d950d210f",
|
|
|
|
"ipv4-addr--593fe38a-7224-47be-b33a-aa2d950d210f",
|
|
|
|
"indicator--593fe38b-b004-4b1a-bf8d-a84d950d210f",
|
|
|
|
"indicator--593fe38b-d28c-4eac-9923-4904950d210f",
|
|
|
|
"observed-data--593fe38d-87e0-44ac-8e8c-5726950d210f",
|
|
|
|
"network-traffic--593fe38d-87e0-44ac-8e8c-5726950d210f",
|
|
|
|
"ipv4-addr--593fe38d-87e0-44ac-8e8c-5726950d210f",
|
|
|
|
"indicator--593fe38d-b110-463c-96b4-4416950d210f",
|
|
|
|
"indicator--593fe38e-cd48-4bea-a504-a812950d210f",
|
|
|
|
"observed-data--593fe38e-ce2c-44ba-9613-abb8950d210f",
|
|
|
|
"network-traffic--593fe38e-ce2c-44ba-9613-abb8950d210f",
|
|
|
|
"ipv4-addr--593fe38e-ce2c-44ba-9613-abb8950d210f",
|
|
|
|
"indicator--593fe38f-c5f8-4474-aaf0-572e950d210f",
|
|
|
|
"indicator--593fe38f-5f5c-4ae0-a53f-a9ed950d210f",
|
|
|
|
"observed-data--593fe390-451c-4c88-bf4e-a8ae950d210f",
|
|
|
|
"network-traffic--593fe390-451c-4c88-bf4e-a8ae950d210f",
|
|
|
|
"ipv4-addr--593fe390-451c-4c88-bf4e-a8ae950d210f",
|
|
|
|
"indicator--593fe390-4380-4f4d-9cf8-5726950d210f",
|
|
|
|
"indicator--593fe391-1134-4da9-9ed2-4b57950d210f",
|
|
|
|
"observed-data--593fe391-cbd4-40ad-a291-a812950d210f",
|
|
|
|
"network-traffic--593fe391-cbd4-40ad-a291-a812950d210f",
|
|
|
|
"ipv4-addr--593fe391-cbd4-40ad-a291-a812950d210f",
|
|
|
|
"indicator--593fe392-3f14-48ca-ab1c-aa2d950d210f",
|
|
|
|
"indicator--593fe392-c76c-4916-b03e-572e950d210f",
|
|
|
|
"indicator--593fe398-fcfc-4d6f-a868-572e950d210f",
|
|
|
|
"indicator--593fe398-85c4-4f20-8668-573c950d210f",
|
|
|
|
"observed-data--593fe399-1f2c-4ad4-96eb-4dec950d210f",
|
|
|
|
"network-traffic--593fe399-1f2c-4ad4-96eb-4dec950d210f",
|
|
|
|
"ipv4-addr--593fe399-1f2c-4ad4-96eb-4dec950d210f",
|
|
|
|
"indicator--593fe39a-0958-4ee3-b6a0-40bd950d210f",
|
|
|
|
"indicator--593fe39a-ef90-40fb-92e5-47c4950d210f",
|
|
|
|
"observed-data--593fe39b-eed8-4672-90dc-aa2d950d210f",
|
|
|
|
"network-traffic--593fe39b-eed8-4672-90dc-aa2d950d210f",
|
|
|
|
"ipv4-addr--593fe39b-eed8-4672-90dc-aa2d950d210f",
|
|
|
|
"indicator--593fe39b-87b4-41ac-aafc-573c950d210f",
|
|
|
|
"indicator--593fe39c-8df0-42eb-8ef0-ab19950d210f",
|
|
|
|
"observed-data--593fe39c-a228-411b-bc3f-4b9a950d210f",
|
|
|
|
"network-traffic--593fe39c-a228-411b-bc3f-4b9a950d210f",
|
|
|
|
"ipv4-addr--593fe39c-a228-411b-bc3f-4b9a950d210f",
|
|
|
|
"indicator--593fe39d-2f84-4f08-99e3-a812950d210f",
|
|
|
|
"indicator--593fe39d-aa84-42fb-a114-abb8950d210f",
|
|
|
|
"observed-data--593fe39f-6c94-4f81-b3cf-aa2d950d210f",
|
|
|
|
"network-traffic--593fe39f-6c94-4f81-b3cf-aa2d950d210f",
|
|
|
|
"ipv4-addr--593fe39f-6c94-4f81-b3cf-aa2d950d210f",
|
|
|
|
"indicator--593fe39f-f008-4b41-9fd0-a8ae950d210f",
|
|
|
|
"indicator--593fe3a0-92f4-4299-9263-4fa9950d210f",
|
|
|
|
"observed-data--593fe3a2-cbc8-4ed5-a800-573e950d210f",
|
|
|
|
"network-traffic--593fe3a2-cbc8-4ed5-a800-573e950d210f",
|
|
|
|
"ipv4-addr--593fe3a2-cbc8-4ed5-a800-573e950d210f",
|
|
|
|
"indicator--593fe3a3-5fa0-4d1a-aed0-aa2d950d210f",
|
|
|
|
"indicator--593fe3a4-deec-4761-882b-426d950d210f",
|
|
|
|
"observed-data--593fe3a7-2cc8-490a-ad18-572e950d210f",
|
|
|
|
"network-traffic--593fe3a7-2cc8-490a-ad18-572e950d210f",
|
|
|
|
"ipv4-addr--593fe3a7-2cc8-490a-ad18-572e950d210f",
|
|
|
|
"indicator--593fe3a8-925c-4662-90f3-aa2d950d210f",
|
|
|
|
"indicator--593fe3a9-0e8c-497b-805b-46ad950d210f",
|
|
|
|
"observed-data--593fe3aa-82fc-4fb5-8408-49c7950d210f",
|
|
|
|
"network-traffic--593fe3aa-82fc-4fb5-8408-49c7950d210f",
|
|
|
|
"ipv4-addr--593fe3aa-82fc-4fb5-8408-49c7950d210f",
|
|
|
|
"indicator--593fe3ac-ee58-422d-94b0-5726950d210f",
|
|
|
|
"indicator--593fe3ad-5234-425b-9b17-4f53950d210f",
|
|
|
|
"observed-data--593fe3af-b774-4616-bb6d-abb8950d210f",
|
|
|
|
"network-traffic--593fe3af-b774-4616-bb6d-abb8950d210f",
|
|
|
|
"ipv4-addr--593fe3af-b774-4616-bb6d-abb8950d210f",
|
|
|
|
"indicator--593fe3b0-f3a0-4a3d-aefb-a8ae950d210f",
|
|
|
|
"indicator--593fe3b1-9640-4237-9f79-45e4950d210f",
|
|
|
|
"observed-data--593fe3b2-4330-464f-8533-4056950d210f",
|
|
|
|
"network-traffic--593fe3b2-4330-464f-8533-4056950d210f",
|
|
|
|
"ipv4-addr--593fe3b2-4330-464f-8533-4056950d210f",
|
|
|
|
"indicator--593fe3b3-8c18-4e6e-818b-45c2950d210f",
|
|
|
|
"indicator--593fe3b4-ffe4-419e-ab8d-5726950d210f",
|
|
|
|
"observed-data--593fe3b5-aa1c-4d50-8c9f-4294950d210f",
|
|
|
|
"network-traffic--593fe3b5-aa1c-4d50-8c9f-4294950d210f",
|
|
|
|
"ipv4-addr--593fe3b5-aa1c-4d50-8c9f-4294950d210f",
|
|
|
|
"indicator--593fe3b6-a048-44cd-ba37-4ef0950d210f",
|
|
|
|
"indicator--593fe3b6-f598-4689-be2b-4052950d210f",
|
|
|
|
"observed-data--593fe3b7-fe2c-43ae-a5d8-49f6950d210f",
|
|
|
|
"network-traffic--593fe3b7-fe2c-43ae-a5d8-49f6950d210f",
|
|
|
|
"ipv4-addr--593fe3b7-fe2c-43ae-a5d8-49f6950d210f",
|
|
|
|
"indicator--593fe3b7-cf40-42ed-a0c4-573e950d210f",
|
|
|
|
"indicator--593fe3b8-01a8-4a9a-90f1-572e950d210f",
|
|
|
|
"observed-data--593fe3c3-5148-4562-9817-4910950d210f",
|
|
|
|
"network-traffic--593fe3c3-5148-4562-9817-4910950d210f",
|
|
|
|
"ipv4-addr--593fe3c3-5148-4562-9817-4910950d210f",
|
|
|
|
"indicator--593ff51b-b4f0-47ce-a89e-a84d02de0b81",
|
|
|
|
"indicator--593ff51b-2354-433d-a23c-a84d02de0b81",
|
|
|
|
"observed-data--593ff51b-7a98-4384-b28d-a84d02de0b81",
|
|
|
|
"url--593ff51b-7a98-4384-b28d-a84d02de0b81",
|
|
|
|
"indicator--593ff51c-acb8-4c67-b30b-a84d02de0b81",
|
|
|
|
"indicator--593ff51c-8ba0-4220-8ab8-a84d02de0b81",
|
|
|
|
"observed-data--593ff51c-fbb4-4301-af77-a84d02de0b81",
|
|
|
|
"url--593ff51c-fbb4-4301-af77-a84d02de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"ecsirt:malicious-code=\"ransomware\"",
|
|
|
|
"misp-galaxy:ransomware=\"Jaff\""
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593fe37e-a62c-4e14-9cdc-abb8950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '124ae610306c4a2c06bac44757f464d2']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T14:21:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593fe37e-f368-4171-a66f-a9ed950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '33659c92c53259e3d2f2c71e66bab762']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T14:21:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593fe37f-78c0-4a71-b8b0-a8ae950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"pattern": "[url:value = 'http://16892.net/984hvxd']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T14:21:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593fe37f-18f0-4b4d-ae8f-ab19950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"pattern": "[domain-name:value = '16892.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T14:21:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593fe382-e720-4886-a71d-a84d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"first_observed": "2017-06-13T14:21:55Z",
|
|
|
|
"last_observed": "2017-06-13T14:21:55Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593fe382-e720-4886-a71d-a84d950d210f",
|
|
|
|
"ipv4-addr--593fe382-e720-4886-a71d-a84d950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593fe382-e720-4886-a71d-a84d950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593fe382-e720-4886-a71d-a84d950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593fe382-e720-4886-a71d-a84d950d210f",
|
|
|
|
"value": "199.79.63.100"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593fe383-7ca4-4e81-aba2-a9ed950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"pattern": "[url:value = 'http://78tguyc876wwirglmltm.net/af/984hvxd']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T14:21:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593fe383-a954-4cef-bf1e-573c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"pattern": "[domain-name:value = '78tguyc876wwirglmltm.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T14:21:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593fe387-6b60-45d5-ba59-aa2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"first_observed": "2017-06-13T14:21:55Z",
|
|
|
|
"last_observed": "2017-06-13T14:21:55Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593fe387-6b60-45d5-ba59-aa2d950d210f",
|
|
|
|
"ipv4-addr--593fe387-6b60-45d5-ba59-aa2d950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593fe387-6b60-45d5-ba59-aa2d950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593fe387-6b60-45d5-ba59-aa2d950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593fe387-6b60-45d5-ba59-aa2d950d210f",
|
|
|
|
"value": "119.28.85.128"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593fe387-ad24-4da8-a2fd-a84d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"pattern": "[url:value = 'http://aarontax.com/984hvxd']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T14:21:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593fe388-dbc4-4ede-b59e-a9ed950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'aarontax.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T14:21:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593fe389-fce4-4e1d-a112-5726950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"first_observed": "2017-06-13T14:21:55Z",
|
|
|
|
"last_observed": "2017-06-13T14:21:55Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593fe389-fce4-4e1d-a112-5726950d210f",
|
|
|
|
"ipv4-addr--593fe389-fce4-4e1d-a112-5726950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593fe389-fce4-4e1d-a112-5726950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593fe389-fce4-4e1d-a112-5726950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593fe389-fce4-4e1d-a112-5726950d210f",
|
|
|
|
"value": "107.180.2.55"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593fe389-6254-4aa3-b013-45ef950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"pattern": "[url:value = 'http://abyzon.com/984hvxd']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T14:21:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593fe38a-44a4-4f47-8434-44b3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'abyzon.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T14:21:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593fe38a-7224-47be-b33a-aa2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"first_observed": "2017-06-13T14:21:55Z",
|
|
|
|
"last_observed": "2017-06-13T14:21:55Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593fe38a-7224-47be-b33a-aa2d950d210f",
|
|
|
|
"ipv4-addr--593fe38a-7224-47be-b33a-aa2d950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593fe38a-7224-47be-b33a-aa2d950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593fe38a-7224-47be-b33a-aa2d950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593fe38a-7224-47be-b33a-aa2d950d210f",
|
|
|
|
"value": "192.185.129.5"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593fe38b-b004-4b1a-bf8d-a84d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"pattern": "[url:value = 'http://aristei.com.ar/984hvxd']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T14:21:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593fe38b-d28c-4eac-9923-4904950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'aristei.com.ar']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T14:21:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593fe38d-87e0-44ac-8e8c-5726950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"first_observed": "2017-06-13T14:21:55Z",
|
|
|
|
"last_observed": "2017-06-13T14:21:55Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593fe38d-87e0-44ac-8e8c-5726950d210f",
|
|
|
|
"ipv4-addr--593fe38d-87e0-44ac-8e8c-5726950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593fe38d-87e0-44ac-8e8c-5726950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593fe38d-87e0-44ac-8e8c-5726950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593fe38d-87e0-44ac-8e8c-5726950d210f",
|
|
|
|
"value": "190.105.227.224"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593fe38d-b110-463c-96b4-4416950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"pattern": "[url:value = 'http://careermag.in/984hvxd']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T14:21:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593fe38e-cd48-4bea-a504-a812950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'careermag.in']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T14:21:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593fe38e-ce2c-44ba-9613-abb8950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"first_observed": "2017-06-13T14:21:55Z",
|
|
|
|
"last_observed": "2017-06-13T14:21:55Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593fe38e-ce2c-44ba-9613-abb8950d210f",
|
|
|
|
"ipv4-addr--593fe38e-ce2c-44ba-9613-abb8950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593fe38e-ce2c-44ba-9613-abb8950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593fe38e-ce2c-44ba-9613-abb8950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593fe38e-ce2c-44ba-9613-abb8950d210f",
|
|
|
|
"value": "199.79.63.167"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593fe38f-c5f8-4474-aaf0-572e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"pattern": "[url:value = 'http://ciiltire.com/984hvxd']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T14:21:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593fe38f-5f5c-4ae0-a53f-a9ed950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'ciiltire.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T14:21:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593fe390-451c-4c88-bf4e-a8ae950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"first_observed": "2017-06-13T14:21:55Z",
|
|
|
|
"last_observed": "2017-06-13T14:21:55Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593fe390-451c-4c88-bf4e-a8ae950d210f",
|
|
|
|
"ipv4-addr--593fe390-451c-4c88-bf4e-a8ae950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593fe390-451c-4c88-bf4e-a8ae950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593fe390-451c-4c88-bf4e-a8ae950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593fe390-451c-4c88-bf4e-a8ae950d210f",
|
|
|
|
"value": "198.23.48.27"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593fe390-4380-4f4d-9cf8-5726950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"pattern": "[url:value = 'http://cinema-strasbourg.com/984hvxd']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T14:21:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593fe391-1134-4da9-9ed2-4b57950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'cinema-strasbourg.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T14:21:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593fe391-cbd4-40ad-a291-a812950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"first_observed": "2017-06-13T14:21:55Z",
|
|
|
|
"last_observed": "2017-06-13T14:21:55Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593fe391-cbd4-40ad-a291-a812950d210f",
|
|
|
|
"ipv4-addr--593fe391-cbd4-40ad-a291-a812950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593fe391-cbd4-40ad-a291-a812950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593fe391-cbd4-40ad-a291-a812950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593fe391-cbd4-40ad-a291-a812950d210f",
|
|
|
|
"value": "5.196.28.243"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593fe392-3f14-48ca-ab1c-aa2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"pattern": "[url:value = 'http://e67tfgc4uybfbnfmd.org/af/984hvxd']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T14:21:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593fe392-c76c-4916-b03e-572e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'e67tfgc4uybfbnfmd.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T14:21:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593fe398-fcfc-4d6f-a868-572e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"pattern": "[url:value = 'http://makkahhaj.com/984hvxd']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T14:21:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593fe398-85c4-4f20-8668-573c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'makkahhaj.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T14:21:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593fe399-1f2c-4ad4-96eb-4dec950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"first_observed": "2017-06-13T14:21:55Z",
|
|
|
|
"last_observed": "2017-06-13T14:21:55Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593fe399-1f2c-4ad4-96eb-4dec950d210f",
|
|
|
|
"ipv4-addr--593fe399-1f2c-4ad4-96eb-4dec950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593fe399-1f2c-4ad4-96eb-4dec950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593fe399-1f2c-4ad4-96eb-4dec950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593fe399-1f2c-4ad4-96eb-4dec950d210f",
|
|
|
|
"value": "162.215.252.26"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593fe39a-0958-4ee3-b6a0-40bd950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"pattern": "[url:value = 'http://mokinukai.lt/984hvxd']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T14:21:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593fe39a-ef90-40fb-92e5-47c4950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'mokinukai.lt']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T14:21:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593fe39b-eed8-4672-90dc-aa2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"first_observed": "2017-06-13T14:21:55Z",
|
|
|
|
"last_observed": "2017-06-13T14:21:55Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593fe39b-eed8-4672-90dc-aa2d950d210f",
|
|
|
|
"ipv4-addr--593fe39b-eed8-4672-90dc-aa2d950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593fe39b-eed8-4672-90dc-aa2d950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593fe39b-eed8-4672-90dc-aa2d950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593fe39b-eed8-4672-90dc-aa2d950d210f",
|
|
|
|
"value": "217.17.85.67"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593fe39b-87b4-41ac-aafc-573c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"pattern": "[url:value = 'http://mseconsultant.com/984hvxd']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T14:21:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593fe39c-8df0-42eb-8ef0-ab19950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'mseconsultant.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T14:21:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593fe39c-a228-411b-bc3f-4b9a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"first_observed": "2017-06-13T14:21:55Z",
|
|
|
|
"last_observed": "2017-06-13T14:21:55Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593fe39c-a228-411b-bc3f-4b9a950d210f",
|
|
|
|
"ipv4-addr--593fe39c-a228-411b-bc3f-4b9a950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593fe39c-a228-411b-bc3f-4b9a950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593fe39c-a228-411b-bc3f-4b9a950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593fe39c-a228-411b-bc3f-4b9a950d210f",
|
|
|
|
"value": "103.21.59.165"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593fe39d-2f84-4f08-99e3-a812950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"pattern": "[url:value = 'http://oscarbenson.com/984hvxd']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T14:21:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593fe39d-aa84-42fb-a114-abb8950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'oscarbenson.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T14:21:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593fe39f-6c94-4f81-b3cf-aa2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"first_observed": "2017-06-13T14:21:55Z",
|
|
|
|
"last_observed": "2017-06-13T14:21:55Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593fe39f-6c94-4f81-b3cf-aa2d950d210f",
|
|
|
|
"ipv4-addr--593fe39f-6c94-4f81-b3cf-aa2d950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593fe39f-6c94-4f81-b3cf-aa2d950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593fe39f-6c94-4f81-b3cf-aa2d950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593fe39f-6c94-4f81-b3cf-aa2d950d210f",
|
|
|
|
"value": "202.181.132.161"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593fe39f-f008-4b41-9fd0-a8ae950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"pattern": "[url:value = 'http://qiyuner.com/984hvxd']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T14:21:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593fe3a0-92f4-4299-9263-4fa9950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'qiyuner.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T14:21:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593fe3a2-cbc8-4ed5-a800-573e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"first_observed": "2017-06-13T14:21:55Z",
|
|
|
|
"last_observed": "2017-06-13T14:21:55Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593fe3a2-cbc8-4ed5-a800-573e950d210f",
|
|
|
|
"ipv4-addr--593fe3a2-cbc8-4ed5-a800-573e950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593fe3a2-cbc8-4ed5-a800-573e950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593fe3a2-cbc8-4ed5-a800-573e950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593fe3a2-cbc8-4ed5-a800-573e950d210f",
|
|
|
|
"value": "115.28.21.247"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593fe3a3-5fa0-4d1a-aed0-aa2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"pattern": "[url:value = 'http://scjjh.cn/984hvxd']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T14:21:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593fe3a4-deec-4761-882b-426d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'scjjh.cn']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T14:21:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593fe3a7-2cc8-490a-ad18-572e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"first_observed": "2017-06-13T14:21:55Z",
|
|
|
|
"last_observed": "2017-06-13T14:21:55Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593fe3a7-2cc8-490a-ad18-572e950d210f",
|
|
|
|
"ipv4-addr--593fe3a7-2cc8-490a-ad18-572e950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593fe3a7-2cc8-490a-ad18-572e950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593fe3a7-2cc8-490a-ad18-572e950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593fe3a7-2cc8-490a-ad18-572e950d210f",
|
|
|
|
"value": "211.149.226.210"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593fe3a8-925c-4662-90f3-aa2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"pattern": "[url:value = 'http://sock.lt/984hvxd']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T14:21:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593fe3a9-0e8c-497b-805b-46ad950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'sock.lt']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T14:21:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593fe3aa-82fc-4fb5-8408-49c7950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"first_observed": "2017-06-13T14:21:55Z",
|
|
|
|
"last_observed": "2017-06-13T14:21:55Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593fe3aa-82fc-4fb5-8408-49c7950d210f",
|
|
|
|
"ipv4-addr--593fe3aa-82fc-4fb5-8408-49c7950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593fe3aa-82fc-4fb5-8408-49c7950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593fe3aa-82fc-4fb5-8408-49c7950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593fe3aa-82fc-4fb5-8408-49c7950d210f",
|
|
|
|
"value": "79.98.24.194"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593fe3ac-ee58-422d-94b0-5726950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"pattern": "[url:value = 'http://speedgrow.com/984hvxd']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T14:21:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593fe3ad-5234-425b-9b17-4f53950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'speedgrow.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T14:21:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593fe3af-b774-4616-bb6d-abb8950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"first_observed": "2017-06-13T14:21:55Z",
|
|
|
|
"last_observed": "2017-06-13T14:21:55Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593fe3af-b774-4616-bb6d-abb8950d210f",
|
|
|
|
"ipv4-addr--593fe3af-b774-4616-bb6d-abb8950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593fe3af-b774-4616-bb6d-abb8950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593fe3af-b774-4616-bb6d-abb8950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593fe3af-b774-4616-bb6d-abb8950d210f",
|
|
|
|
"value": "116.12.48.139"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593fe3b0-f3a0-4a3d-aefb-a8ae950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"pattern": "[url:value = 'http://yes2malaysia.com/984hvxd']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T14:21:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593fe3b1-9640-4237-9f79-45e4950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'yes2malaysia.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T14:21:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593fe3b2-4330-464f-8533-4056950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"first_observed": "2017-06-13T14:21:55Z",
|
|
|
|
"last_observed": "2017-06-13T14:21:55Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593fe3b2-4330-464f-8533-4056950d210f",
|
|
|
|
"ipv4-addr--593fe3b2-4330-464f-8533-4056950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593fe3b2-4330-464f-8533-4056950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593fe3b2-4330-464f-8533-4056950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593fe3b2-4330-464f-8533-4056950d210f",
|
|
|
|
"value": "110.4.45.97"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593fe3b3-8c18-4e6e-818b-45c2950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"pattern": "[url:value = 'http://zabandan.com/984hvxd']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T14:21:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593fe3b4-ffe4-419e-ab8d-5726950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'zabandan.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T14:21:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593fe3b5-aa1c-4d50-8c9f-4294950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"first_observed": "2017-06-13T14:21:55Z",
|
|
|
|
"last_observed": "2017-06-13T14:21:55Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593fe3b5-aa1c-4d50-8c9f-4294950d210f",
|
|
|
|
"ipv4-addr--593fe3b5-aa1c-4d50-8c9f-4294950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593fe3b5-aa1c-4d50-8c9f-4294950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593fe3b5-aa1c-4d50-8c9f-4294950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593fe3b5-aa1c-4d50-8c9f-4294950d210f",
|
|
|
|
"value": "130.185.72.116"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593fe3b6-a048-44cd-ba37-4ef0950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"pattern": "[url:value = 'http://zebtex.com/984hvxd']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T14:21:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593fe3b6-f598-4689-be2b-4052950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'zebtex.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T14:21:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--593fe3b7-fe2c-43ae-a5d8-49f6950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"first_observed": "2017-06-13T14:21:55Z",
|
|
|
|
"last_observed": "2017-06-13T14:21:55Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--593fe3b7-fe2c-43ae-a5d8-49f6950d210f",
|
|
|
|
"ipv4-addr--593fe3b7-fe2c-43ae-a5d8-49f6950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--593fe3b7-fe2c-43ae-a5d8-49f6950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--593fe3b7-fe2c-43ae-a5d8-49f6950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--593fe3b7-fe2c-43ae-a5d8-49f6950d210f",
|
|
|
|
"value": "208.91.198.105"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593fe3b7-cf40-42ed-a0c4-573e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-13T14:21:55.000Z",
|
|
|
|
"modified": "2017-06-13T14:21:55.000Z",
|
|
|
|
"pattern": "[url:value = 'http://toronadrouuyrt5wwf.com/a5/']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-13T14:21:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--593fe3b8-01a8-4a9a-90f1-572e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-13T14:21:55.000Z",
"modified": "2017-06-13T14:21:55.000Z",
"pattern": "[domain-name:value = 'toronadrouuyrt5wwf.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-13T14:21:55Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--593fe3c3-5148-4562-9817-4910950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-13T14:21:55.000Z",
"modified": "2017-06-13T14:21:55.000Z",
"first_observed": "2017-06-13T14:21:55Z",
"last_observed": "2017-06-13T14:21:55Z",
"number_observed": 1,
"object_refs": [
"network-traffic--593fe3c3-5148-4562-9817-4910950d210f",
"ipv4-addr--593fe3c3-5148-4562-9817-4910950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--593fe3c3-5148-4562-9817-4910950d210f",
"dst_ref": "ipv4-addr--593fe3c3-5148-4562-9817-4910950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--593fe3c3-5148-4562-9817-4910950d210f",
"value": "119.28.98.205"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593ff51b-b4f0-47ce-a89e-a84d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-13T14:22:19.000Z",
"modified": "2017-06-13T14:22:19.000Z",
"description": "- Xchecked via VT: 124ae610306c4a2c06bac44757f464d2",
"pattern": "[file:hashes.SHA256 = '31f37745ed6e75d4ee975481b603a95d8e20642153ec6dc1c87193066990aaec']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-13T14:22:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593ff51b-2354-433d-a23c-a84d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-13T14:22:19.000Z",
"modified": "2017-06-13T14:22:19.000Z",
"description": "- Xchecked via VT: 124ae610306c4a2c06bac44757f464d2",
"pattern": "[file:hashes.SHA1 = '2ca20e12f8a2ba865f7144671e1b61f906a93b0b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-13T14:22:19Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--593ff51b-7a98-4384-b28d-a84d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-13T14:22:19.000Z",
"modified": "2017-06-13T14:22:19.000Z",
"first_observed": "2017-06-13T14:22:19Z",
"last_observed": "2017-06-13T14:22:19Z",
"number_observed": 1,
"object_refs": [
"url--593ff51b-7a98-4384-b28d-a84d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--593ff51b-7a98-4384-b28d-a84d02de0b81",
"value": "https://www.virustotal.com/file/31f37745ed6e75d4ee975481b603a95d8e20642153ec6dc1c87193066990aaec/analysis/1497346690/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593ff51c-acb8-4c67-b30b-a84d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-13T14:22:20.000Z",
"modified": "2017-06-13T14:22:20.000Z",
"description": "- Xchecked via VT: 33659c92c53259e3d2f2c71e66bab762",
"pattern": "[file:hashes.SHA256 = 'c748df01456ff4f89c6413b229fafdfcd07f6503b9b9d3e3450642e3070740ac']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-13T14:22:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593ff51c-8ba0-4220-8ab8-a84d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-13T14:22:20.000Z",
"modified": "2017-06-13T14:22:20.000Z",
"description": "- Xchecked via VT: 33659c92c53259e3d2f2c71e66bab762",
"pattern": "[file:hashes.SHA1 = '6c5ffb2702f91868b084eb0e5fcf3b68dafa2c5d']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-13T14:22:20Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--593ff51c-fbb4-4301-af77-a84d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-13T14:22:20.000Z",
"modified": "2017-06-13T14:22:20.000Z",
"first_observed": "2017-06-13T14:22:20Z",
"last_observed": "2017-06-13T14:22:20Z",
"number_observed": 1,
"object_refs": [
"url--593ff51c-fbb4-4301-af77-a84d02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--593ff51c-fbb4-4301-af77-a84d02de0b81",
"value": "https://www.virustotal.com/file/c748df01456ff4f89c6413b229fafdfcd07f6503b9b9d3e3450642e3070740ac/analysis/1497352148/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}