{
"type": "bundle",
"id": "bundle--59b7f2a6-e0bc-431c-af2f-4b18950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-12T14:45:14.000Z",
"modified": "2017-09-12T14:45:14.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--59b7f2a6-e0bc-431c-af2f-4b18950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-12T14:45:14.000Z",
"modified": "2017-09-12T14:45:14.000Z",
"name": "M2M - Locky 2017-09-12 : Affid=3, \".lukitus\" : \"Your Amazon.co.uk order...\" / AmazonSignIn.html links",
"published": "2017-09-12T14:45:39Z",
"object_refs": [
"indicator--59b7f2a7-869c-4013-bafc-02fc950d210f",
"indicator--59b7f2a7-b894-4184-b613-4cd3950d210f",
"observed-data--59b7f2a8-81fc-4dcf-87ec-4389950d210f",
"network-traffic--59b7f2a8-81fc-4dcf-87ec-4389950d210f",
"ipv4-addr--59b7f2a8-81fc-4dcf-87ec-4389950d210f",
"indicator--59b7f2a9-ac3c-428b-84c5-43d8950d210f",
"indicator--59b7f2a9-e624-40b6-bcc5-48f6950d210f",
"observed-data--59b7f2a9-ab3c-41da-bf49-4bec950d210f",
"network-traffic--59b7f2a9-ab3c-41da-bf49-4bec950d210f",
"ipv4-addr--59b7f2a9-ab3c-41da-bf49-4bec950d210f",
"indicator--59b7f2a9-dc58-43b4-b0c1-466e950d210f",
"indicator--59b7f2aa-9148-41e4-86c3-4612950d210f",
"observed-data--59b7f2aa-d9b8-4289-a4c6-02fc950d210f",
"network-traffic--59b7f2aa-d9b8-4289-a4c6-02fc950d210f",
"ipv4-addr--59b7f2aa-d9b8-4289-a4c6-02fc950d210f",
"indicator--59b7f2aa-60dc-4753-a2ba-45a1950d210f",
"indicator--59b7f2aa-0c5c-474b-8011-4e6d950d210f",
"observed-data--59b7f2ab-faa4-4be8-9af9-4d19950d210f",
"network-traffic--59b7f2ab-faa4-4be8-9af9-4d19950d210f",
"ipv4-addr--59b7f2ab-faa4-4be8-9af9-4d19950d210f",
"indicator--59b7f2ab-31d4-4c97-9c5f-4857950d210f",
"indicator--59b7f2ac-c448-4ec1-85f9-41e2950d210f",
"observed-data--59b7f2ac-3ae4-4f87-938a-4221950d210f",
"network-traffic--59b7f2ac-3ae4-4f87-938a-4221950d210f",
"ipv4-addr--59b7f2ac-3ae4-4f87-938a-4221950d210f",
"indicator--59b7f2ac-a858-4c0b-aff6-46cb950d210f",
"indicator--59b7f2ac-1df4-48bf-b902-46fd950d210f",
"observed-data--59b7f2ac-5434-4b35-be53-47f7950d210f",
"network-traffic--59b7f2ac-5434-4b35-be53-47f7950d210f",
"ipv4-addr--59b7f2ac-5434-4b35-be53-47f7950d210f",
"indicator--59b7f2ad-a560-466f-acea-4d4a950d210f",
"indicator--59b7f2ad-c64c-4f21-b166-4a96950d210f",
"observed-data--59b7f2ad-1384-4d33-aef0-40e2950d210f",
"network-traffic--59b7f2ad-1384-4d33-aef0-40e2950d210f",
"ipv4-addr--59b7f2ad-1384-4d33-aef0-40e2950d210f",
"indicator--59b7f2ad-dcac-42df-bf55-4f12950d210f",
"indicator--59b7f2ad-a1ac-4054-873e-02fc950d210f",
"observed-data--59b7f2ae-a408-4c1a-9409-4fae950d210f",
"network-traffic--59b7f2ae-a408-4c1a-9409-4fae950d210f",
"ipv4-addr--59b7f2ae-a408-4c1a-9409-4fae950d210f",
"indicator--59b7f2ae-3ec8-433e-9c67-4ded950d210f",
"indicator--59b7f2ae-a594-403d-9677-44f3950d210f",
"observed-data--59b7f2b0-7220-49ab-993b-4e5e950d210f",
"network-traffic--59b7f2b0-7220-49ab-993b-4e5e950d210f",
"ipv4-addr--59b7f2b0-7220-49ab-993b-4e5e950d210f",
"indicator--59b7f2b0-9ac8-4da2-9f6b-42cd950d210f",
"indicator--59b7f2b1-b168-4d01-a2ad-4c32950d210f",
"observed-data--59b7f2b1-5dc0-4e51-b891-4f34950d210f",
"network-traffic--59b7f2b1-5dc0-4e51-b891-4f34950d210f",
"ipv4-addr--59b7f2b1-5dc0-4e51-b891-4f34950d210f",
"indicator--59b7f2b1-b17c-49cf-8a97-4d84950d210f",
"indicator--59b7f2b2-7850-4e2b-800e-4085950d210f",
"indicator--59b7f2b2-361c-43db-837c-43a6950d210f",
"indicator--59b7f2b2-9cf0-4969-b18a-42f0950d210f",
"observed-data--59b7f2b2-4e9c-4e16-b726-4c02950d210f",
"network-traffic--59b7f2b2-4e9c-4e16-b726-4c02950d210f",
"ipv4-addr--59b7f2b2-4e9c-4e16-b726-4c02950d210f",
"indicator--59b7f2b3-d35c-4090-bedd-4b2a950d210f",
"indicator--59b7f2b3-c68c-42a9-aa43-4599950d210f",
"observed-data--59b7f2b3-dff8-437c-912b-4acf950d210f",
"network-traffic--59b7f2b3-dff8-437c-912b-4acf950d210f",
"ipv4-addr--59b7f2b3-dff8-437c-912b-4acf950d210f",
"indicator--59b7f2b3-4ac8-456f-80e6-47e2950d210f",
"indicator--59b7f2b4-6734-44e9-8eea-48ec950d210f",
"observed-data--59b7f2b4-8790-4f33-a1ee-4a92950d210f",
"network-traffic--59b7f2b4-8790-4f33-a1ee-4a92950d210f",
"ipv4-addr--59b7f2b4-8790-4f33-a1ee-4a92950d210f",
"indicator--59b7f2b4-fd40-4d51-bc61-4781950d210f",
"indicator--59b7f2b4-72a8-42e9-ad94-4db6950d210f",
"observed-data--59b7f2b6-d470-462a-bdd1-4054950d210f",
"network-traffic--59b7f2b6-d470-462a-bdd1-4054950d210f",
"ipv4-addr--59b7f2b6-d470-462a-bdd1-4054950d210f",
"indicator--59b7f2b6-a4cc-46d9-8b3a-02fc950d210f",
"indicator--59b7f2b6-2a2c-46d0-8c73-40c9950d210f",
"observed-data--59b7f2b7-7320-4a0d-8e92-4cbd950d210f",
"network-traffic--59b7f2b7-7320-4a0d-8e92-4cbd950d210f",
"ipv4-addr--59b7f2b7-7320-4a0d-8e92-4cbd950d210f",
"indicator--59b7f2b7-1fb0-4926-94a3-46e9950d210f",
"indicator--59b7f2b7-89b0-4fa5-9893-454e950d210f",
"observed-data--59b7f2b7-4fc8-41a1-adc6-478b950d210f",
"network-traffic--59b7f2b7-4fc8-41a1-adc6-478b950d210f",
"ipv4-addr--59b7f2b7-4fc8-41a1-adc6-478b950d210f",
"indicator--59b7f2b8-e5c0-490b-b718-4621950d210f",
"indicator--59b7f2b8-79cc-4d74-b236-4037950d210f",
"observed-data--59b7f2b8-80b8-4734-863f-4724950d210f",
"network-traffic--59b7f2b8-80b8-4734-863f-4724950d210f",
"ipv4-addr--59b7f2b8-80b8-4734-863f-4724950d210f",
"indicator--59b7f2b9-dfcc-4fd3-8573-4d5e950d210f",
"indicator--59b7f2b9-8b34-4f82-ab5d-02fc950d210f",
"observed-data--59b7f2b9-d504-4c1d-b907-49ba950d210f",
"network-traffic--59b7f2b9-d504-4c1d-b907-49ba950d210f",
"ipv4-addr--59b7f2b9-d504-4c1d-b907-49ba950d210f",
"indicator--59b7f2b9-a7b8-40fb-8669-4329950d210f",
"indicator--59b7f2ba-230c-4368-8792-4b96950d210f",
"observed-data--59b7f2ba-d728-4dfc-9b66-431f950d210f",
"network-traffic--59b7f2ba-d728-4dfc-9b66-431f950d210f",
"ipv4-addr--59b7f2ba-d728-4dfc-9b66-431f950d210f",
"indicator--59b7f2ba-fa40-428a-902f-4b0e950d210f",
"indicator--59b7f2ba-b8bc-4169-bf13-4e35950d210f",
"observed-data--59b7f2bb-3d98-409d-b4b7-4063950d210f",
"network-traffic--59b7f2bb-3d98-409d-b4b7-4063950d210f",
"ipv4-addr--59b7f2bb-3d98-409d-b4b7-4063950d210f",
"indicator--59b7f2bb-ea28-490e-a6b4-498c950d210f",
"indicator--59b7f2bb-1730-4cdc-a2b4-4dd3950d210f",
"observed-data--59b7f2bb-ebd4-4a09-b4fe-42af950d210f",
"network-traffic--59b7f2bb-ebd4-4a09-b4fe-42af950d210f",
"ipv4-addr--59b7f2bb-ebd4-4a09-b4fe-42af950d210f",
"indicator--59b7f2bb-7868-4a6b-bff5-4401950d210f",
"indicator--59b7f2bc-175c-4534-a031-4d46950d210f",
"observed-data--59b7f2bc-cfec-4264-bf7a-4783950d210f",
"network-traffic--59b7f2bc-cfec-4264-bf7a-4783950d210f",
"ipv4-addr--59b7f2bc-cfec-4264-bf7a-4783950d210f",
"indicator--59b7f2bc-d804-4f71-af21-4ad7950d210f",
"indicator--59b7f2bc-d058-4975-963f-470f950d210f",
"observed-data--59b7f2bd-5b38-49c0-97d3-47b9950d210f",
"network-traffic--59b7f2bd-5b38-49c0-97d3-47b9950d210f",
"ipv4-addr--59b7f2bd-5b38-49c0-97d3-47b9950d210f",
"indicator--59b7f2bd-7614-4f49-aa72-47e7950d210f",
"indicator--59b7f2bd-e1a8-4027-932a-47a3950d210f",
"observed-data--59b7f2bd-3888-46b3-b912-459c950d210f",
"network-traffic--59b7f2bd-3888-46b3-b912-459c950d210f",
"ipv4-addr--59b7f2bd-3888-46b3-b912-459c950d210f",
"indicator--59b7f2bd-bb1c-4320-ba46-459b950d210f",
"indicator--59b7f2be-7f6c-483d-bcff-43d3950d210f",
"observed-data--59b7f2be-8c80-4104-b3b9-45ad950d210f",
"network-traffic--59b7f2be-8c80-4104-b3b9-45ad950d210f",
"ipv4-addr--59b7f2be-8c80-4104-b3b9-45ad950d210f",
"indicator--59b7f2be-c00c-4578-88ca-4feb950d210f",
"indicator--59b7f2be-a66c-47bf-9b7c-4edb950d210f",
"observed-data--59b7f2bf-bb0c-4b78-937d-45c3950d210f",
"network-traffic--59b7f2bf-bb0c-4b78-937d-45c3950d210f",
"ipv4-addr--59b7f2bf-bb0c-4b78-937d-45c3950d210f",
"indicator--59b7f2bf-acd0-4d40-b419-02fc950d210f",
"indicator--59b7f2bf-5ae4-49b3-b260-4bc8950d210f",
"observed-data--59b7f2bf-eb28-43f6-a197-4127950d210f",
"network-traffic--59b7f2bf-eb28-43f6-a197-4127950d210f",
"ipv4-addr--59b7f2bf-eb28-43f6-a197-4127950d210f",
"indicator--59b7f2c0-df8c-4de1-8de3-4735950d210f",
"indicator--59b7f2c0-71b8-40e7-b40f-4a22950d210f",
"indicator--59b7f2c0-49d4-4cb4-befc-421d950d210f",
"indicator--59b7f2c0-65e4-4a58-ad26-4353950d210f",
"observed-data--59b7f2c1-7390-46ed-abc6-4708950d210f",
"network-traffic--59b7f2c1-7390-46ed-abc6-4708950d210f",
"ipv4-addr--59b7f2c1-7390-46ed-abc6-4708950d210f",
"indicator--59b7f2c1-551c-4e89-85fa-4efa950d210f",
"indicator--59b7f2c1-4f74-4dfa-9bee-4a7b950d210f",
"indicator--59b7f2c1-e7dc-40e0-8228-4833950d210f",
"indicator--59b7f2c2-f0e4-451a-9dbc-4751950d210f",
"observed-data--59b7f2c2-4d54-4777-892e-4175950d210f",
"network-traffic--59b7f2c2-4d54-4777-892e-4175950d210f",
"ipv4-addr--59b7f2c2-4d54-4777-892e-4175950d210f",
"indicator--59b7f2c2-8bd4-404c-b2fb-41d8950d210f",
"indicator--59b7f2c2-d24c-4bf2-a32d-4771950d210f",
"observed-data--59b7f2c3-39a8-4b28-a49b-4479950d210f",
"network-traffic--59b7f2c3-39a8-4b28-a49b-4479950d210f",
"ipv4-addr--59b7f2c3-39a8-4b28-a49b-4479950d210f",
"indicator--59b7f2c3-8ec0-4f08-9aa7-42cc950d210f",
"indicator--59b7f2c3-22fc-42f6-9791-45db950d210f",
"indicator--59b7f2c4-bdcc-48f9-afd1-41ba950d210f",
"indicator--59b7f2c4-6f6c-4476-87cc-4969950d210f",
"observed-data--59b7f2c4-fdd0-44f9-aef1-44dc950d210f",
"network-traffic--59b7f2c4-fdd0-44f9-aef1-44dc950d210f",
"ipv4-addr--59b7f2c4-fdd0-44f9-aef1-44dc950d210f",
"indicator--59b7f2c4-4d84-4bf1-8ba5-4309950d210f",
"indicator--59b7f2c4-abc8-4afa-b86d-49b6950d210f",
"observed-data--59b7f2c5-2b44-4a79-a945-4ece950d210f",
"network-traffic--59b7f2c5-2b44-4a79-a945-4ece950d210f",
"ipv4-addr--59b7f2c5-2b44-4a79-a945-4ece950d210f",
"indicator--59b7f2c5-ad18-4d83-b243-4cec950d210f",
"indicator--59b7f2c5-d8d4-46c2-8545-02fc950d210f",
"observed-data--59b7f2c6-9dd8-4eff-bb9f-43c8950d210f",
"network-traffic--59b7f2c6-9dd8-4eff-bb9f-43c8950d210f",
"ipv4-addr--59b7f2c6-9dd8-4eff-bb9f-43c8950d210f",
"indicator--59b7f2c6-4a88-4d5d-840e-4ce2950d210f",
"indicator--59b7f2c6-8348-462f-894c-4da8950d210f",
"observed-data--59b7f2c7-aa50-47e2-b9be-41a6950d210f",
"network-traffic--59b7f2c7-aa50-47e2-b9be-41a6950d210f",
"ipv4-addr--59b7f2c7-aa50-47e2-b9be-41a6950d210f",
"indicator--59b7f2c7-97f8-4a3a-8437-4126950d210f",
"indicator--59b7f2c7-b50c-41fc-8807-440d950d210f",
"observed-data--59b7f2c8-d488-4890-b41f-445e950d210f",
"network-traffic--59b7f2c8-d488-4890-b41f-445e950d210f",
"ipv4-addr--59b7f2c8-d488-4890-b41f-445e950d210f",
"indicator--59b7f2c8-df00-4149-8c6c-461d950d210f",
"indicator--59b7f2c8-61d8-401e-a8b7-4730950d210f",
"observed-data--59b7f2c8-28f0-4ead-b5ab-4395950d210f",
"network-traffic--59b7f2c8-28f0-4ead-b5ab-4395950d210f",
"ipv4-addr--59b7f2c8-28f0-4ead-b5ab-4395950d210f",
"indicator--59b7f2c9-2ae0-4736-b460-40b8950d210f",
"indicator--59b7f2c9-721c-4874-9d19-02fc950d210f",
"observed-data--59b7f2c9-5464-4bea-a2db-491d950d210f",
"network-traffic--59b7f2c9-5464-4bea-a2db-491d950d210f",
"ipv4-addr--59b7f2c9-5464-4bea-a2db-491d950d210f",
"indicator--59b7f2ca-4af0-41a6-83f7-48f2950d210f",
"indicator--59b7f2ca-439c-45f6-9422-46f9950d210f",
"observed-data--59b7f2ca-3260-40b9-8a7f-4ae6950d210f",
"network-traffic--59b7f2ca-3260-40b9-8a7f-4ae6950d210f",
"ipv4-addr--59b7f2ca-3260-40b9-8a7f-4ae6950d210f",
"indicator--59b7f2ca-0e24-4cd1-a019-47d9950d210f",
"indicator--59b7f2cb-0028-473e-8a11-4578950d210f",
"observed-data--59b7f2cb-2ee8-4fc8-b214-48da950d210f",
"network-traffic--59b7f2cb-2ee8-4fc8-b214-48da950d210f",
"ipv4-addr--59b7f2cb-2ee8-4fc8-b214-48da950d210f",
"indicator--59b7f2cb-b8d0-4208-abd7-4629950d210f",
"indicator--59b7f2cb-a228-40cc-a5de-4007950d210f",
"observed-data--59b7f2cc-2ef4-439a-aade-45a1950d210f",
"network-traffic--59b7f2cc-2ef4-439a-aade-45a1950d210f",
"ipv4-addr--59b7f2cc-2ef4-439a-aade-45a1950d210f",
"indicator--59b7f2cc-dafc-4f98-93d4-4787950d210f",
"indicator--59b7f2cc-2230-4b57-97d5-4c3e950d210f",
"observed-data--59b7f2cc-9264-42f3-9283-02fc950d210f",
"network-traffic--59b7f2cc-9264-42f3-9283-02fc950d210f",
"ipv4-addr--59b7f2cc-9264-42f3-9283-02fc950d210f",
"indicator--59b7f2cc-3680-4339-b5bf-4298950d210f",
"indicator--59b7f2cd-ea6c-405b-af31-4bcc950d210f",
"observed-data--59b7f2cd-3fdc-47c8-b7aa-4051950d210f",
"network-traffic--59b7f2cd-3fdc-47c8-b7aa-4051950d210f",
"ipv4-addr--59b7f2cd-3fdc-47c8-b7aa-4051950d210f",
"indicator--59b7f2cd-753c-4cd9-b495-49a9950d210f",
"indicator--59b7f2ce-eca0-4908-9a54-4c2e950d210f",
"observed-data--59b7f2ce-c2e8-415e-974e-4f4b950d210f",
"network-traffic--59b7f2ce-c2e8-415e-974e-4f4b950d210f",
"ipv4-addr--59b7f2ce-c2e8-415e-974e-4f4b950d210f",
"indicator--59b7f2ce-7bfc-4f39-8bff-4620950d210f",
"indicator--59b7f2cf-ce98-4af7-b55a-462f950d210f",
"observed-data--59b7f2cf-e0e4-4608-b3b6-46fe950d210f",
"network-traffic--59b7f2cf-e0e4-4608-b3b6-46fe950d210f",
"ipv4-addr--59b7f2cf-e0e4-4608-b3b6-46fe950d210f",
"indicator--59b7f2cf-ffb8-4254-8890-461f950d210f",
"indicator--59b7f2cf-dc40-41cf-8a1f-4bf8950d210f",
"observed-data--59b7f2d0-6c14-4e7c-b0e7-4da5950d210f",
"network-traffic--59b7f2d0-6c14-4e7c-b0e7-4da5950d210f",
"ipv4-addr--59b7f2d0-6c14-4e7c-b0e7-4da5950d210f",
"indicator--59b7f2d0-1974-4b74-b80b-459d950d210f",
"indicator--59b7f2d0-a810-4fa5-bada-4e78950d210f",
"indicator--59b7f2d1-75c4-42a2-b555-4e42950d210f",
"indicator--59b7f2d1-a718-4340-b133-43c9950d210f",
"observed-data--59b7f2d1-1e74-4011-adb2-4f90950d210f",
"network-traffic--59b7f2d1-1e74-4011-adb2-4f90950d210f",
"ipv4-addr--59b7f2d1-1e74-4011-adb2-4f90950d210f",
"indicator--59b7f2d1-3084-4c4a-bbfe-4cf0950d210f",
"indicator--59b7f2d2-6758-4bc2-a8b5-486c950d210f",
"observed-data--59b7f2d2-0be0-4038-bcec-48b0950d210f",
"network-traffic--59b7f2d2-0be0-4038-bcec-48b0950d210f",
"ipv4-addr--59b7f2d2-0be0-4038-bcec-48b0950d210f",
"indicator--59b7f2d2-9a78-499d-8205-44c3950d210f",
"indicator--59b7f2d2-4344-4c90-bad1-4759950d210f",
"observed-data--59b7f2d3-1954-4977-b254-4663950d210f",
"network-traffic--59b7f2d3-1954-4977-b254-4663950d210f",
"ipv4-addr--59b7f2d3-1954-4977-b254-4663950d210f",
"indicator--59b7f2d3-a6f8-4a07-a83d-4729950d210f",
"indicator--59b7f2d3-46d0-4d31-bed2-432c950d210f",
"observed-data--59b7f2d3-fb74-49d9-bf1d-4c5b950d210f",
"network-traffic--59b7f2d3-fb74-49d9-bf1d-4c5b950d210f",
"ipv4-addr--59b7f2d3-fb74-49d9-bf1d-4c5b950d210f",
"indicator--59b7f2d4-4714-42da-936a-49ce950d210f",
"indicator--59b7f2d4-ddd0-4619-8c17-40a3950d210f",
"observed-data--59b7f2d4-ac94-47f4-b270-4d4f950d210f",
"network-traffic--59b7f2d4-ac94-47f4-b270-4d4f950d210f",
"ipv4-addr--59b7f2d4-ac94-47f4-b270-4d4f950d210f",
"indicator--59b7f2d4-5364-4af4-aa70-4f3c950d210f",
"indicator--59b7f2d5-08c0-4d91-b027-40f9950d210f",
"observed-data--59b7f2d5-ee54-4048-b393-4378950d210f",
"network-traffic--59b7f2d5-ee54-4048-b393-4378950d210f",
"ipv4-addr--59b7f2d5-ee54-4048-b393-4378950d210f",
"indicator--59b7f2d5-0d48-424e-9713-4835950d210f",
"indicator--59b7f2d6-f34c-4b25-a388-40da950d210f",
"observed-data--59b7f2d6-4ab8-46c3-87d5-45a7950d210f",
"network-traffic--59b7f2d6-4ab8-46c3-87d5-45a7950d210f",
"ipv4-addr--59b7f2d6-4ab8-46c3-87d5-45a7950d210f",
"indicator--59b7f2d6-d968-4219-9ab8-4fa4950d210f",
"indicator--59b7f2d7-3314-4f5b-a055-45d0950d210f",
"observed-data--59b7f2d7-3a90-4dca-9e2e-4695950d210f",
"network-traffic--59b7f2d7-3a90-4dca-9e2e-4695950d210f",
"ipv4-addr--59b7f2d7-3a90-4dca-9e2e-4695950d210f",
"indicator--59b7f2d7-d6d8-43af-9c0b-4c34950d210f",
"indicator--59b7f2d8-1a00-4797-841a-4f1d950d210f",
"observed-data--59b7f2d8-abc4-46d8-9149-4978950d210f",
"network-traffic--59b7f2d8-abc4-46d8-9149-4978950d210f",
"ipv4-addr--59b7f2d8-abc4-46d8-9149-4978950d210f",
"indicator--59b7f2d8-687c-47da-ac59-40c3950d210f",
"indicator--59b7f2d8-c890-4bc8-b017-02fc950d210f",
"observed-data--59b7f2d9-1628-44c6-bc54-457e950d210f",
"network-traffic--59b7f2d9-1628-44c6-bc54-457e950d210f",
"ipv4-addr--59b7f2d9-1628-44c6-bc54-457e950d210f",
"indicator--59b7f2d9-c7f4-416d-addf-465d950d210f",
"indicator--59b7f2d9-8a88-463c-9c74-43b6950d210f",
"observed-data--59b7f2da-0e50-4614-b5a1-4a25950d210f",
"network-traffic--59b7f2da-0e50-4614-b5a1-4a25950d210f",
"ipv4-addr--59b7f2da-0e50-4614-b5a1-4a25950d210f",
"indicator--59b7f2da-4b10-4fc3-8484-4f53950d210f",
"indicator--59b7f2da-58f0-459b-8279-4fac950d210f",
"observed-data--59b7f2db-aff8-459d-9e2f-4b96950d210f",
"network-traffic--59b7f2db-aff8-459d-9e2f-4b96950d210f",
"ipv4-addr--59b7f2db-aff8-459d-9e2f-4b96950d210f",
"indicator--59b7f2db-f200-45db-8950-406b950d210f",
"indicator--59b7f2db-498c-46af-abaa-43e5950d210f",
"indicator--59b7f2dc-5f2c-4d37-aef1-4465950d210f",
"indicator--59b7f2dc-83dc-40c1-9b64-4ec7950d210f",
"observed-data--59b7f2dc-53b0-4435-a751-02fc950d210f",
"network-traffic--59b7f2dc-53b0-4435-a751-02fc950d210f",
"ipv4-addr--59b7f2dc-53b0-4435-a751-02fc950d210f",
"indicator--59b7f2dc-6558-4888-975f-44cd950d210f",
"indicator--59b7f2dd-1b4c-4c20-8d7f-4c6c950d210f",
"observed-data--59b7f2dd-73fc-466d-b0c4-4351950d210f",
"network-traffic--59b7f2dd-73fc-466d-b0c4-4351950d210f",
"ipv4-addr--59b7f2dd-73fc-466d-b0c4-4351950d210f",
"indicator--59b7f2dd-5570-4460-8727-4876950d210f",
"indicator--59b7f2dd-1ae8-47e3-9e3d-4eba950d210f",
"observed-data--59b7f2de-4940-4aee-b205-4afc950d210f",
"network-traffic--59b7f2de-4940-4aee-b205-4afc950d210f",
"ipv4-addr--59b7f2de-4940-4aee-b205-4afc950d210f",
"indicator--59b7f2de-7784-4802-887a-43db950d210f",
"indicator--59b7f2df-cb50-4d19-aba2-4b8b950d210f",
"observed-data--59b7f2df-7f28-4cc9-96c8-4493950d210f",
"network-traffic--59b7f2df-7f28-4cc9-96c8-4493950d210f",
"ipv4-addr--59b7f2df-7f28-4cc9-96c8-4493950d210f",
"indicator--59b7f2df-0d20-4f31-bd0b-4388950d210f",
"indicator--59b7f2df-e270-4516-8dcd-498b950d210f",
"observed-data--59b7f2e0-38a8-49ea-a767-49b6950d210f",
"network-traffic--59b7f2e0-38a8-49ea-a767-49b6950d210f",
"ipv4-addr--59b7f2e0-38a8-49ea-a767-49b6950d210f",
"indicator--59b7f2e0-9f44-4b5e-a669-02fc950d210f",
"indicator--59b7f2e0-9988-458f-b46c-41cb950d210f",
"observed-data--59b7f2e0-dca4-48f0-a1c7-42db950d210f",
"network-traffic--59b7f2e0-dca4-48f0-a1c7-42db950d210f",
"ipv4-addr--59b7f2e0-dca4-48f0-a1c7-42db950d210f",
"indicator--59b7f2e0-f2e0-4eec-92a0-4d1c950d210f",
"indicator--59b7f2e1-1e1c-4d36-90a5-4776950d210f",
"indicator--59b7f2e1-dc50-4b10-a40e-4146950d210f",
"indicator--59b7f2e1-a2c4-47de-8922-4f85950d210f",
"observed-data--59b7f2e2-5b00-4c11-9e2d-4b13950d210f",
"network-traffic--59b7f2e2-5b00-4c11-9e2d-4b13950d210f",
"ipv4-addr--59b7f2e2-5b00-4c11-9e2d-4b13950d210f",
"indicator--59b7f2e2-1a88-4f77-968e-4eff950d210f",
"indicator--59b7f2e2-114c-4e7a-bb6e-4115950d210f",
"indicator--59b7f2e3-6cfc-4433-9db7-40cb950d210f",
"indicator--59b7f2e3-3b1c-4e63-b663-4d3b950d210f",
"observed-data--59b7f2e3-bfd4-450d-baee-4b35950d210f",
"network-traffic--59b7f2e3-bfd4-450d-baee-4b35950d210f",
"ipv4-addr--59b7f2e3-bfd4-450d-baee-4b35950d210f",
"indicator--59b7f2e3-e9ec-4bfa-9f81-02fc950d210f",
"indicator--59b7f2e4-299c-4888-a39e-4704950d210f",
"observed-data--59b7f2e4-c014-432a-aaab-4cf5950d210f",
"network-traffic--59b7f2e4-c014-432a-aaab-4cf5950d210f",
"ipv4-addr--59b7f2e4-c014-432a-aaab-4cf5950d210f",
"indicator--59b7f2e4-a2e4-4bca-afc0-44e7950d210f",
"indicator--59b7f2e4-3a64-4b7e-9a39-4d2a950d210f",
"observed-data--59b7f2e5-72a4-4201-a577-46bf950d210f",
"network-traffic--59b7f2e5-72a4-4201-a577-46bf950d210f",
"ipv4-addr--59b7f2e5-72a4-4201-a577-46bf950d210f",
"indicator--59b7f2e5-61dc-4cf1-a704-461b950d210f",
"indicator--59b7f2e5-9de0-440f-8e51-4c0f950d210f",
"indicator--59b7f2e6-256c-4d86-bb13-450d950d210f",
"indicator--59b7f2e6-aebc-494d-ab50-46bd950d210f",
"observed-data--59b7f2e6-11d4-49ef-b221-4ee1950d210f",
"network-traffic--59b7f2e6-11d4-49ef-b221-4ee1950d210f",
"ipv4-addr--59b7f2e6-11d4-49ef-b221-4ee1950d210f",
"indicator--59b7f2e6-fad4-43ae-837d-425f950d210f",
"indicator--59b7f2e7-e264-4fd6-8ac7-489a950d210f",
"observed-data--59b7f2e7-1c50-4bc8-aae4-02fc950d210f",
"network-traffic--59b7f2e7-1c50-4bc8-aae4-02fc950d210f",
"ipv4-addr--59b7f2e7-1c50-4bc8-aae4-02fc950d210f",
"indicator--59b7f2e7-cb00-4000-b621-4729950d210f",
"indicator--59b7f2e8-b4e4-4629-98c4-4bf4950d210f",
"indicator--59b7f2e8-0eb0-4f9d-9fad-4e72950d210f",
"indicator--59b7f2e8-a4ac-4dd2-936f-4fb3950d210f",
"indicator--59b7f2e9-536c-4b69-bc90-4065950d210f",
"indicator--59b7f2e9-a18c-486d-8507-4e9c950d210f",
"observed-data--59b7f2e9-3bd4-4639-b9dd-4673950d210f",
"network-traffic--59b7f2e9-3bd4-4639-b9dd-4673950d210f",
"ipv4-addr--59b7f2e9-3bd4-4639-b9dd-4673950d210f",
"indicator--59b7f2e9-a4f0-4903-9f74-4e0a950d210f",
"indicator--59b7f2e9-1238-4ea9-926a-4960950d210f",
"observed-data--59b7f2ea-4fe0-465e-b024-4aba950d210f",
"network-traffic--59b7f2ea-4fe0-465e-b024-4aba950d210f",
"ipv4-addr--59b7f2ea-4fe0-465e-b024-4aba950d210f",
"indicator--59b7f2ea-f6c4-4aa2-a677-40b5950d210f",
"indicator--59b7f2ea-20b4-4224-9cd7-4ff5950d210f",
"observed-data--59b7f2ea-6cf4-46c9-899b-487e950d210f",
"network-traffic--59b7f2ea-6cf4-46c9-899b-487e950d210f",
"ipv4-addr--59b7f2ea-6cf4-46c9-899b-487e950d210f",
"indicator--59b7f2eb-7824-4fcf-8e56-48ff950d210f",
"indicator--59b7f2eb-b9cc-436b-b22d-4dde950d210f",
"observed-data--59b7f2eb-2fc8-4433-908c-437c950d210f",
"network-traffic--59b7f2eb-2fc8-4433-908c-437c950d210f",
"ipv4-addr--59b7f2eb-2fc8-4433-908c-437c950d210f",
"indicator--59b7f2eb-61bc-4b36-b712-41c3950d210f",
"indicator--59b7f2eb-ea3c-4aa0-80f2-409e950d210f",
"observed-data--59b7f2ec-3e88-4cc4-84bb-47b4950d210f",
"network-traffic--59b7f2ec-3e88-4cc4-84bb-47b4950d210f",
"ipv4-addr--59b7f2ec-3e88-4cc4-84bb-47b4950d210f",
"indicator--59b7f2ec-00a4-46cb-8fbf-4080950d210f",
"indicator--59b7f2ec-0d0c-4fd4-ae57-4455950d210f",
"observed-data--59b7f2ed-6fa8-4e8f-a691-420b950d210f",
"network-traffic--59b7f2ed-6fa8-4e8f-a691-420b950d210f",
"ipv4-addr--59b7f2ed-6fa8-4e8f-a691-420b950d210f",
"indicator--59b7f2ed-0ad4-45fe-889b-45d4950d210f",
"indicator--59b7f2ed-bca8-4caa-96fc-4d6f950d210f",
"observed-data--59b7f2ed-6e88-4b7e-8e13-4b85950d210f",
"network-traffic--59b7f2ed-6e88-4b7e-8e13-4b85950d210f",
"ipv4-addr--59b7f2ed-6e88-4b7e-8e13-4b85950d210f",
"indicator--59b7f2ed-1990-46de-9d4a-4c83950d210f",
"indicator--59b7f2ee-278c-4b75-a0c2-44c2950d210f",
"observed-data--59b7f2ee-7e68-4fde-97f9-4d31950d210f",
"network-traffic--59b7f2ee-7e68-4fde-97f9-4d31950d210f",
"ipv4-addr--59b7f2ee-7e68-4fde-97f9-4d31950d210f",
"indicator--59b7f2ee-db00-4cef-a9ef-4548950d210f",
"indicator--59b7f2ee-2ea4-4db4-9141-4c55950d210f",
"observed-data--59b7f2ee-46d4-42e8-ae0d-4ad5950d210f",
"network-traffic--59b7f2ee-46d4-42e8-ae0d-4ad5950d210f",
"ipv4-addr--59b7f2ee-46d4-42e8-ae0d-4ad5950d210f",
"indicator--59b7f2ef-0d6c-4b4f-8ab1-45b0950d210f",
"indicator--59b7f2ef-6cf4-41c4-9a21-4e7f950d210f",
"observed-data--59b7f2f4-6ae0-4c61-8ea8-4c1a950d210f",
"network-traffic--59b7f2f4-6ae0-4c61-8ea8-4c1a950d210f",
"ipv4-addr--59b7f2f4-6ae0-4c61-8ea8-4c1a950d210f",
"indicator--59b7f2f4-7e88-4838-b7ae-44f6950d210f",
"indicator--59b7f2f5-9b08-4b1c-b578-40e4950d210f",
"observed-data--59b7f2f5-0144-4eb6-bc46-4d5b950d210f",
"network-traffic--59b7f2f5-0144-4eb6-bc46-4d5b950d210f",
"ipv4-addr--59b7f2f5-0144-4eb6-bc46-4d5b950d210f",
"observed-data--59b7f2f5-7db4-482e-bb36-4404950d210f",
"url--59b7f2f5-7db4-482e-bb36-4404950d210f",
"observed-data--59b7f2f5-80a8-4bb0-88d2-4e5d950d210f",
"network-traffic--59b7f2f5-80a8-4bb0-88d2-4e5d950d210f",
"ipv4-addr--59b7f2f5-80a8-4bb0-88d2-4e5d950d210f",
"indicator--59b7f2f5-baf4-45dc-bf5c-4299950d210f",
"indicator--59b7f2f6-ace8-47ba-8706-48bd950d210f",
"indicator--59b7f2f6-b5c8-4bd4-bd02-43b0950d210f",
"indicator--59b7f2f6-3e7c-4d5c-a3e7-4bc5950d210f",
"indicator--59b7f2f6-961c-48dd-a916-4b26950d210f",
"indicator--59b7f2f7-bc04-4116-9471-4df9950d210f",
"indicator--59b7f2f7-238c-4f17-afdc-4957950d210f",
"indicator--59b7f2f7-7a78-4b67-8816-450b950d210f",
"indicator--59b7f2f7-19f4-4d93-9884-424e950d210f",
"indicator--59b7f2f7-da40-46ee-a700-02fc950d210f",
"indicator--59b7f2f8-1494-48f2-8aa7-4ffe950d210f",
"indicator--59b7f2f8-8e5c-4a14-ad33-4e6c950d210f",
"indicator--59b7f2f8-9cbc-4db8-9057-48a1950d210f",
"indicator--59b7f2f8-4fac-43be-b4e9-4b5c950d210f",
"indicator--59b7f2f8-349c-4d29-b262-4178950d210f",
"indicator--59b7f2f9-d4d0-4055-8f0c-45ea950d210f",
"indicator--59b7f2f9-49c8-4ab9-8800-4d41950d210f",
"indicator--59b7f2f9-7ea4-4419-95b1-4485950d210f",
"indicator--59b7f2f9-120c-4cf9-9518-4306950d210f",
"indicator--59b7f2fa-411c-4c26-8245-4e07950d210f",
"indicator--59b7f2fa-a554-45bd-99e1-02fc950d210f",
"indicator--59b7f2fa-87a4-45dd-9f2c-42b0950d210f",
"indicator--59b7f2fa-3adc-4dd8-b8b2-4b3b950d210f",
"indicator--59b7f2fa-c814-466a-baf8-4c63950d210f"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"ecsirt:malicious-code=\"ransomware\"",
"misp-galaxy:ransomware=\"Locky\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b7f2a7-869c-4013-bafc-02fc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-12T14:43:51.000Z",
"modified": "2017-09-12T14:43:51.000Z",
"pattern": "[file:hashes.MD5 = '7939128a07bfd9ead222fdc392fc42d5']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-12T14:43:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b7f2a7-b894-4184-b613-4cd3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-12T14:43:51.000Z",
"modified": "2017-09-12T14:43:51.000Z",
"pattern": "[file:hashes.MD5 = '2c163be10c2dcd9b96243bd8175889d4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-12T14:43:51Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59b7f2a8-81fc-4dcf-87ec-4389950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-12T14:43:52.000Z",
"modified": "2017-09-12T14:43:52.000Z",
"first_observed": "2017-09-12T14:43:52Z",
"last_observed": "2017-09-12T14:43:52Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59b7f2a8-81fc-4dcf-87ec-4389950d210f",
"ipv4-addr--59b7f2a8-81fc-4dcf-87ec-4389950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59b7f2a8-81fc-4dcf-87ec-4389950d210f",
"dst_ref": "ipv4-addr--59b7f2a8-81fc-4dcf-87ec-4389950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59b7f2a8-81fc-4dcf-87ec-4389950d210f",
"value": "178.236.6.251"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b7f2a9-ac3c-428b-84c5-43d8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-12T14:43:53.000Z",
"modified": "2017-09-12T14:43:53.000Z",
"pattern": "[url:value = 'http://17nudos.es/AmazonSignIn.html']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-12T14:43:53Z",
"kill_chain_phases": [
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2a9-e624-40b6-bcc5-48f6950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:43:53.000Z",
|
|
|
|
"modified": "2017-09-12T14:43:53.000Z",
|
|
|
|
"pattern": "[domain-name:value = '17nudos.es']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:43:53Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2a9-ab3c-41da-bf49-4bec950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:43:53.000Z",
|
|
|
|
"modified": "2017-09-12T14:43:53.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:43:53Z",
|
|
|
|
"last_observed": "2017-09-12T14:43:53Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2a9-ab3c-41da-bf49-4bec950d210f",
|
|
|
|
"ipv4-addr--59b7f2a9-ab3c-41da-bf49-4bec950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2a9-ab3c-41da-bf49-4bec950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2a9-ab3c-41da-bf49-4bec950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2a9-ab3c-41da-bf49-4bec950d210f",
|
|
|
|
"value": "185.18.198.158"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2a9-dc58-43b4-b0c1-466e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:43:53.000Z",
|
|
|
|
"modified": "2017-09-12T14:43:53.000Z",
|
|
|
|
"pattern": "[url:value = 'http://apeshitcartoon.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:43:53Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2aa-9148-41e4-86c3-4612950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:43:54.000Z",
|
|
|
|
"modified": "2017-09-12T14:43:54.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'apeshitcartoon.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:43:54Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2aa-d9b8-4289-a4c6-02fc950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:43:54.000Z",
|
|
|
|
"modified": "2017-09-12T14:43:54.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:43:54Z",
|
|
|
|
"last_observed": "2017-09-12T14:43:54Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2aa-d9b8-4289-a4c6-02fc950d210f",
|
|
|
|
"ipv4-addr--59b7f2aa-d9b8-4289-a4c6-02fc950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2aa-d9b8-4289-a4c6-02fc950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2aa-d9b8-4289-a4c6-02fc950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2aa-d9b8-4289-a4c6-02fc950d210f",
|
|
|
|
"value": "66.36.165.149"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2aa-60dc-4753-a2ba-45a1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:43:54.000Z",
|
|
|
|
"modified": "2017-09-12T14:43:54.000Z",
|
|
|
|
"pattern": "[url:value = 'http://artiacucar.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:43:54Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2aa-0c5c-474b-8011-4e6d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:43:54.000Z",
|
|
|
|
"modified": "2017-09-12T14:43:54.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'artiacucar.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:43:54Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2ab-faa4-4be8-9af9-4d19950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:43:55.000Z",
|
|
|
|
"modified": "2017-09-12T14:43:55.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:43:55Z",
|
|
|
|
"last_observed": "2017-09-12T14:43:55Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2ab-faa4-4be8-9af9-4d19950d210f",
|
|
|
|
"ipv4-addr--59b7f2ab-faa4-4be8-9af9-4d19950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2ab-faa4-4be8-9af9-4d19950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2ab-faa4-4be8-9af9-4d19950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2ab-faa4-4be8-9af9-4d19950d210f",
|
|
|
|
"value": "109.71.45.235"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2ab-31d4-4c97-9c5f-4857950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:43:55.000Z",
|
|
|
|
"modified": "2017-09-12T14:43:55.000Z",
|
|
|
|
"pattern": "[url:value = 'http://asilk.co.uk/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:43:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2ac-c448-4ec1-85f9-41e2950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:43:56.000Z",
|
|
|
|
"modified": "2017-09-12T14:43:56.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'asilk.co.uk']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:43:56Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2ac-3ae4-4f87-938a-4221950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:43:56.000Z",
|
|
|
|
"modified": "2017-09-12T14:43:56.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:43:56Z",
|
|
|
|
"last_observed": "2017-09-12T14:43:56Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2ac-3ae4-4f87-938a-4221950d210f",
|
|
|
|
"ipv4-addr--59b7f2ac-3ae4-4f87-938a-4221950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2ac-3ae4-4f87-938a-4221950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2ac-3ae4-4f87-938a-4221950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2ac-3ae4-4f87-938a-4221950d210f",
|
|
|
|
"value": "109.104.88.126"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2ac-a858-4c0b-aff6-46cb950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:43:56.000Z",
|
|
|
|
"modified": "2017-09-12T14:43:56.000Z",
|
|
|
|
"pattern": "[url:value = 'http://autoecole91.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:43:56Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2ac-1df4-48bf-b902-46fd950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:43:56.000Z",
|
|
|
|
"modified": "2017-09-12T14:43:56.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'autoecole91.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:43:56Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2ac-5434-4b35-be53-47f7950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:43:56.000Z",
|
|
|
|
"modified": "2017-09-12T14:43:56.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:43:56Z",
|
|
|
|
"last_observed": "2017-09-12T14:43:56Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2ac-5434-4b35-be53-47f7950d210f",
|
|
|
|
"ipv4-addr--59b7f2ac-5434-4b35-be53-47f7950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2ac-5434-4b35-be53-47f7950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2ac-5434-4b35-be53-47f7950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2ac-5434-4b35-be53-47f7950d210f",
|
|
|
|
"value": "178.20.66.207"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2ad-a560-466f-acea-4d4a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:43:57.000Z",
|
|
|
|
"modified": "2017-09-12T14:43:57.000Z",
|
|
|
|
"pattern": "[url:value = 'http://boxsterlee.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:43:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2ad-c64c-4f21-b166-4a96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:43:57.000Z",
|
|
|
|
"modified": "2017-09-12T14:43:57.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'boxsterlee.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:43:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2ad-1384-4d33-aef0-40e2950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:43:57.000Z",
|
|
|
|
"modified": "2017-09-12T14:43:57.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:43:57Z",
|
|
|
|
"last_observed": "2017-09-12T14:43:57Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2ad-1384-4d33-aef0-40e2950d210f",
|
|
|
|
"ipv4-addr--59b7f2ad-1384-4d33-aef0-40e2950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2ad-1384-4d33-aef0-40e2950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2ad-1384-4d33-aef0-40e2950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2ad-1384-4d33-aef0-40e2950d210f",
|
|
|
|
"value": "98.124.252.176"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2ad-dcac-42df-bf55-4f12950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:43:57.000Z",
|
|
|
|
"modified": "2017-09-12T14:43:57.000Z",
|
|
|
|
"pattern": "[url:value = 'http://carolineconduiteformation.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:43:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2ad-a1ac-4054-873e-02fc950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:43:57.000Z",
|
|
|
|
"modified": "2017-09-12T14:43:57.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'carolineconduiteformation.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:43:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2ae-a408-4c1a-9409-4fae950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:43:58.000Z",
|
|
|
|
"modified": "2017-09-12T14:43:58.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:43:58Z",
|
|
|
|
"last_observed": "2017-09-12T14:43:58Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2ae-a408-4c1a-9409-4fae950d210f",
|
|
|
|
"ipv4-addr--59b7f2ae-a408-4c1a-9409-4fae950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2ae-a408-4c1a-9409-4fae950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2ae-a408-4c1a-9409-4fae950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2ae-a408-4c1a-9409-4fae950d210f",
|
|
|
|
"value": "193.227.248.241"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2ae-3ec8-433e-9c67-4ded950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:43:58.000Z",
|
|
|
|
"modified": "2017-09-12T14:43:58.000Z",
|
|
|
|
"pattern": "[url:value = 'http://davidb.webpipe.net/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:43:58Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2ae-a594-403d-9677-44f3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:43:58.000Z",
|
|
|
|
"modified": "2017-09-12T14:43:58.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'davidb.webpipe.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:43:58Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2b0-7220-49ab-993b-4e5e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:00.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:00.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:00Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:00Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2b0-7220-49ab-993b-4e5e950d210f",
|
|
|
|
"ipv4-addr--59b7f2b0-7220-49ab-993b-4e5e950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2b0-7220-49ab-993b-4e5e950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2b0-7220-49ab-993b-4e5e950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2b0-7220-49ab-993b-4e5e950d210f",
|
|
|
|
"value": "173.192.66.137"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2b0-9ac8-4da2-9f6b-42cd950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:00.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:00.000Z",
|
|
|
|
"pattern": "[url:value = 'http://dersinghamarttrail.org/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:00Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2b1-b168-4d01-a2ad-4c32950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:01.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:01.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'dersinghamarttrail.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2b1-5dc0-4e51-b891-4f34950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:01.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:01.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:01Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:01Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2b1-5dc0-4e51-b891-4f34950d210f",
|
|
|
|
"ipv4-addr--59b7f2b1-5dc0-4e51-b891-4f34950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2b1-5dc0-4e51-b891-4f34950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2b1-5dc0-4e51-b891-4f34950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2b1-5dc0-4e51-b891-4f34950d210f",
|
|
|
|
"value": "66.199.174.108"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2b1-b17c-49cf-8a97-4d84950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:01.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:01.000Z",
|
|
|
|
"pattern": "[url:value = 'http://feelingconduite.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2b2-7850-4e2b-800e-4085950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:02.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:02.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'feelingconduite.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2b2-361c-43db-837c-43a6950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:02.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:02.000Z",
|
|
|
|
"pattern": "[url:value = 'http://fliesenfink.de/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2b2-9cf0-4969-b18a-42f0950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:02.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:02.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'fliesenfink.de']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2b2-4e9c-4e16-b726-4c02950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:02.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:02.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:02Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:02Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2b2-4e9c-4e16-b726-4c02950d210f",
|
|
|
|
"ipv4-addr--59b7f2b2-4e9c-4e16-b726-4c02950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2b2-4e9c-4e16-b726-4c02950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2b2-4e9c-4e16-b726-4c02950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2b2-4e9c-4e16-b726-4c02950d210f",
|
|
|
|
"value": "195.210.48.104"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2b3-d35c-4090-bedd-4b2a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:03.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:03.000Z",
|
|
|
|
"pattern": "[url:value = 'http://foundal.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:03Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2b3-c68c-42a9-aa43-4599950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:03.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:03.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'foundal.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:03Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2b3-dff8-437c-912b-4acf950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:03.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:03.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:03Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:03Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2b3-dff8-437c-912b-4acf950d210f",
|
|
|
|
"ipv4-addr--59b7f2b3-dff8-437c-912b-4acf950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2b3-dff8-437c-912b-4acf950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2b3-dff8-437c-912b-4acf950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2b3-dff8-437c-912b-4acf950d210f",
|
|
|
|
"value": "185.91.108.45"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2b3-4ac8-456f-80e6-47e2950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:03.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:03.000Z",
|
|
|
|
"pattern": "[url:value = 'http://geltro.pt/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:03Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2b4-6734-44e9-8eea-48ec950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:04.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:04.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'geltro.pt']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:04Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2b4-8790-4f33-a1ee-4a92950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:04.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:04.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:04Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:04Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2b4-8790-4f33-a1ee-4a92950d210f",
|
|
|
|
"ipv4-addr--59b7f2b4-8790-4f33-a1ee-4a92950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2b4-8790-4f33-a1ee-4a92950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2b4-8790-4f33-a1ee-4a92950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2b4-8790-4f33-a1ee-4a92950d210f",
|
|
|
|
"value": "109.71.42.24"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2b4-fd40-4d51-bc61-4781950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:04.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:04.000Z",
|
|
|
|
"pattern": "[url:value = 'http://hwayou.com.tw/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:04Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2b4-72a8-42e9-ad94-4db6950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:04.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:04.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'hwayou.com.tw']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:04Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2b6-d470-462a-bdd1-4054950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:06.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:06.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:06Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:06Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2b6-d470-462a-bdd1-4054950d210f",
|
|
|
|
"ipv4-addr--59b7f2b6-d470-462a-bdd1-4054950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2b6-d470-462a-bdd1-4054950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2b6-d470-462a-bdd1-4054950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2b6-d470-462a-bdd1-4054950d210f",
|
|
|
|
"value": "60.199.166.91"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2b6-a4cc-46d9-8b3a-02fc950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:06.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:06.000Z",
|
|
|
|
"pattern": "[url:value = 'http://istanbul-amerikankapi-mutfakdolabi-parke-fiyatlari-modelleri.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:06Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2b6-2a2c-46d0-8c73-40c9950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:06.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:06.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'istanbul-amerikankapi-mutfakdolabi-parke-fiyatlari-modelleri.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:06Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2b7-7320-4a0d-8e92-4cbd950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:07.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:07.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:07Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:07Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2b7-7320-4a0d-8e92-4cbd950d210f",
|
|
|
|
"ipv4-addr--59b7f2b7-7320-4a0d-8e92-4cbd950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2b7-7320-4a0d-8e92-4cbd950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2b7-7320-4a0d-8e92-4cbd950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2b7-7320-4a0d-8e92-4cbd950d210f",
|
|
|
|
"value": "46.235.11.61"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2b7-1fb0-4926-94a3-46e9950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:07.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:07.000Z",
|
|
|
|
"pattern": "[url:value = 'http://karmacom.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:07Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2b7-89b0-4fa5-9893-454e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:07.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:07.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'karmacom.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:07Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2b7-4fc8-41a1-adc6-478b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:07.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:07.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:07Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:07Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2b7-4fc8-41a1-adc6-478b950d210f",
|
|
|
|
"ipv4-addr--59b7f2b7-4fc8-41a1-adc6-478b950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2b7-4fc8-41a1-adc6-478b950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2b7-4fc8-41a1-adc6-478b950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2b7-4fc8-41a1-adc6-478b950d210f",
|
|
|
|
"value": "108.163.244.138"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2b8-e5c0-490b-b718-4621950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:08.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:08.000Z",
|
|
|
|
"pattern": "[url:value = 'http://knowledgelaunch.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2b8-79cc-4d74-b236-4037950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:08.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:08.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'knowledgelaunch.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2b8-80b8-4734-863f-4724950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:08.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:08.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:08Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:08Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2b8-80b8-4734-863f-4724950d210f",
|
|
|
|
"ipv4-addr--59b7f2b8-80b8-4734-863f-4724950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2b8-80b8-4734-863f-4724950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2b8-80b8-4734-863f-4724950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2b8-80b8-4734-863f-4724950d210f",
|
|
|
|
"value": "216.185.144.168"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2b9-dfcc-4fd3-8573-4d5e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:09.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:09.000Z",
|
|
|
|
"pattern": "[url:value = 'http://lacadosmurcia.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2b9-8b34-4f82-ab5d-02fc950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:09.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:09.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'lacadosmurcia.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2b9-d504-4c1d-b907-49ba950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:09.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:09.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:09Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:09Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2b9-d504-4c1d-b907-49ba950d210f",
|
|
|
|
"ipv4-addr--59b7f2b9-d504-4c1d-b907-49ba950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2b9-d504-4c1d-b907-49ba950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2b9-d504-4c1d-b907-49ba950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2b9-d504-4c1d-b907-49ba950d210f",
|
|
|
|
"value": "212.63.108.71"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2b9-a7b8-40fb-8669-4329950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:09.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:09.000Z",
|
|
|
|
"pattern": "[url:value = 'http://l-ardagnole.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2ba-230c-4368-8792-4b96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:10.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:10.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'l-ardagnole.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2ba-d728-4dfc-9b66-431f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:10.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:10.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:10Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:10Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2ba-d728-4dfc-9b66-431f950d210f",
|
|
|
|
"ipv4-addr--59b7f2ba-d728-4dfc-9b66-431f950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2ba-d728-4dfc-9b66-431f950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2ba-d728-4dfc-9b66-431f950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2ba-d728-4dfc-9b66-431f950d210f",
|
|
|
|
"value": "98.124.251.68"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2ba-fa40-428a-902f-4b0e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:10.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:10.000Z",
|
|
|
|
"pattern": "[url:value = 'http://laxitymedia.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2ba-b8bc-4169-bf13-4e35950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:10.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:10.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'laxitymedia.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2bb-3d98-409d-b4b7-4063950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:11.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:11.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:11Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:11Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2bb-3d98-409d-b4b7-4063950d210f",
|
|
|
|
"ipv4-addr--59b7f2bb-3d98-409d-b4b7-4063950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2bb-3d98-409d-b4b7-4063950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2bb-3d98-409d-b4b7-4063950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2bb-3d98-409d-b4b7-4063950d210f",
|
|
|
|
"value": "87.106.217.173"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2bb-ea28-490e-a6b4-498c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:11.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:11.000Z",
|
|
|
|
"pattern": "[url:value = 'http://lionipema.nl/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2bb-1730-4cdc-a2b4-4dd3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:11.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:11.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'lionipema.nl']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2bb-ebd4-4a09-b4fe-42af950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:11.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:11.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:11Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:11Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2bb-ebd4-4a09-b4fe-42af950d210f",
|
|
|
|
"ipv4-addr--59b7f2bb-ebd4-4a09-b4fe-42af950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2bb-ebd4-4a09-b4fe-42af950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2bb-ebd4-4a09-b4fe-42af950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2bb-ebd4-4a09-b4fe-42af950d210f",
|
|
|
|
"value": "46.235.47.78"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2bb-7868-4a6b-bff5-4401950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:11.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:11.000Z",
|
|
|
|
"pattern": "[url:value = 'http://loughboroughladiesdarts.co.uk/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2bc-175c-4534-a031-4d46950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:12.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:12.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'loughboroughladiesdarts.co.uk']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2bc-cfec-4264-bf7a-4783950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:12.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:12.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:12Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:12Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2bc-cfec-4264-bf7a-4783950d210f",
|
|
|
|
"ipv4-addr--59b7f2bc-cfec-4264-bf7a-4783950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2bc-cfec-4264-bf7a-4783950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2bc-cfec-4264-bf7a-4783950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2bc-cfec-4264-bf7a-4783950d210f",
|
|
|
|
"value": "94.76.212.128"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2bc-d804-4f71-af21-4ad7950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:12.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:12.000Z",
|
|
|
|
"pattern": "[url:value = 'http://maespirit.eu/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2bc-d058-4975-963f-470f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:12.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:12.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'maespirit.eu']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2bd-5b38-49c0-97d3-47b9950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:13.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:13.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:13Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:13Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2bd-5b38-49c0-97d3-47b9950d210f",
|
|
|
|
"ipv4-addr--59b7f2bd-5b38-49c0-97d3-47b9950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2bd-5b38-49c0-97d3-47b9950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2bd-5b38-49c0-97d3-47b9950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2bd-5b38-49c0-97d3-47b9950d210f",
|
|
|
|
"value": "176.31.125.185"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2bd-7614-4f49-aa72-47e7950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:13.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:13.000Z",
|
|
|
|
"pattern": "[url:value = 'http://mailedit.fr/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2bd-e1a8-4027-932a-47a3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:13.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:13.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'mailedit.fr']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2bd-3888-46b3-b912-459c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:13.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:13.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:13Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:13Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2bd-3888-46b3-b912-459c950d210f",
|
|
|
|
"ipv4-addr--59b7f2bd-3888-46b3-b912-459c950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2bd-3888-46b3-b912-459c950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2bd-3888-46b3-b912-459c950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2bd-3888-46b3-b912-459c950d210f",
|
|
|
|
"value": "178.255.99.134"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2bd-bb1c-4320-ba46-459b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:13.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:13.000Z",
|
|
|
|
"pattern": "[url:value = 'http://marianna.it/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2be-7f6c-483d-bcff-43d3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:14.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:14.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'marianna.it']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2be-8c80-4104-b3b9-45ad950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:14.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:14.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:14Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:14Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2be-8c80-4104-b3b9-45ad950d210f",
|
|
|
|
"ipv4-addr--59b7f2be-8c80-4104-b3b9-45ad950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2be-8c80-4104-b3b9-45ad950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2be-8c80-4104-b3b9-45ad950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2be-8c80-4104-b3b9-45ad950d210f",
|
|
|
|
"value": "185.58.7.11"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2be-c00c-4578-88ca-4feb950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:14.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:14.000Z",
|
|
|
|
"pattern": "[url:value = 'http://matthewharrison.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2be-a66c-47bf-9b7c-4edb950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:14.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:14.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'matthewharrison.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2bf-bb0c-4b78-937d-45c3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:15.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:15.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:15Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:15Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2bf-bb0c-4b78-937d-45c3950d210f",
|
|
|
|
"ipv4-addr--59b7f2bf-bb0c-4b78-937d-45c3950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2bf-bb0c-4b78-937d-45c3950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2bf-bb0c-4b78-937d-45c3950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2bf-bb0c-4b78-937d-45c3950d210f",
|
|
|
|
"value": "107.180.78.137"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2bf-acd0-4d40-b419-02fc950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:15.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:15.000Z",
|
|
|
|
"pattern": "[url:value = 'http://mautau.it/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2bf-5ae4-49b3-b260-4bc8950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:15.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:15.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'mautau.it']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:15Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2bf-eb28-43f6-a197-4127950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:15.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:15.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:15Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:15Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2bf-eb28-43f6-a197-4127950d210f",
|
|
|
|
"ipv4-addr--59b7f2bf-eb28-43f6-a197-4127950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2bf-eb28-43f6-a197-4127950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2bf-eb28-43f6-a197-4127950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2bf-eb28-43f6-a197-4127950d210f",
|
|
|
|
"value": "89.96.90.14"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2c0-df8c-4de1-8de3-4735950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:16.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:16.000Z",
|
|
|
|
"pattern": "[url:value = 'http://mckennittfamily.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2c0-71b8-40e7-b40f-4a22950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:16.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:16.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'mckennittfamily.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2c0-49d4-4cb4-befc-421d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:16.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:16.000Z",
|
|
|
|
"pattern": "[url:value = 'http://mixart.es/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2c0-65e4-4a58-ad26-4353950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:16.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:16.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'mixart.es']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:16Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2c1-7390-46ed-abc6-4708950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:17.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:17.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:17Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:17Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2c1-7390-46ed-abc6-4708950d210f",
|
|
|
|
"ipv4-addr--59b7f2c1-7390-46ed-abc6-4708950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2c1-7390-46ed-abc6-4708950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2c1-7390-46ed-abc6-4708950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2c1-7390-46ed-abc6-4708950d210f",
|
|
|
|
"value": "212.63.110.216"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2c1-551c-4e89-85fa-4efa950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:17.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:17.000Z",
|
|
|
|
"pattern": "[url:value = 'http://motonauticaangerese.it/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:17Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2c1-4f74-4dfa-9bee-4a7b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:17.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:17.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'motonauticaangerese.it']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:17Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2c1-e7dc-40e0-8228-4833950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:17.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:17.000Z",
|
|
|
|
"pattern": "[url:value = 'http://myblogcu.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:17Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2c2-f0e4-451a-9dbc-4751950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:18.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:18.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'myblogcu.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2c2-4d54-4777-892e-4175950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:18.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:18.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:18Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:18Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2c2-4d54-4777-892e-4175950d210f",
|
|
|
|
"ipv4-addr--59b7f2c2-4d54-4777-892e-4175950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2c2-4d54-4777-892e-4175950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2c2-4d54-4777-892e-4175950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2c2-4d54-4777-892e-4175950d210f",
|
|
|
|
"value": "185.93.71.152"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2c2-8bd4-404c-b2fb-41d8950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:18.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:18.000Z",
|
|
|
|
"pattern": "[url:value = 'http://neseker.com.tr/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2c2-d24c-4bf2-a32d-4771950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:18.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:18.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'neseker.com.tr']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:18Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2c3-39a8-4b28-a49b-4479950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:19.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:19.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:19Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:19Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2c3-39a8-4b28-a49b-4479950d210f",
|
|
|
|
"ipv4-addr--59b7f2c3-39a8-4b28-a49b-4479950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2c3-39a8-4b28-a49b-4479950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2c3-39a8-4b28-a49b-4479950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2c3-39a8-4b28-a49b-4479950d210f",
|
|
|
|
"value": "185.131.50.100"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2c3-8ec0-4f08-9aa7-42cc950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:19.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:19.000Z",
|
|
|
|
"pattern": "[url:value = 'http://netmaiden.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2c3-22fc-42f6-9791-45db950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:19.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:19.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'netmaiden.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:19Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2c4-bdcc-48f9-afd1-41ba950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:20.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:20.000Z",
|
|
|
|
"pattern": "[url:value = 'http://niesenandsonlandscaping.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2c4-6f6c-4476-87cc-4969950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:20.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:20.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'niesenandsonlandscaping.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2c4-fdd0-44f9-aef1-44dc950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:20.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:20.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:20Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:20Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2c4-fdd0-44f9-aef1-44dc950d210f",
|
|
|
|
"ipv4-addr--59b7f2c4-fdd0-44f9-aef1-44dc950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2c4-fdd0-44f9-aef1-44dc950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2c4-fdd0-44f9-aef1-44dc950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2c4-fdd0-44f9-aef1-44dc950d210f",
|
|
|
|
"value": "74.208.110.125"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2c4-4d84-4bf1-8ba5-4309950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:20.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:20.000Z",
|
|
|
|
"pattern": "[url:value = 'http://ohne-titel.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2c4-abc8-4afa-b86d-49b6950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:20.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:20.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'ohne-titel.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:20Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2c5-2b44-4a79-a945-4ece950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:21.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:21.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:21Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:21Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2c5-2b44-4a79-a945-4ece950d210f",
|
|
|
|
"ipv4-addr--59b7f2c5-2b44-4a79-a945-4ece950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2c5-2b44-4a79-a945-4ece950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2c5-2b44-4a79-a945-4ece950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2c5-2b44-4a79-a945-4ece950d210f",
|
|
|
|
"value": "87.106.221.232"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2c5-ad18-4d83-b243-4cec950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:21.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:21.000Z",
|
|
|
|
"pattern": "[url:value = 'http://okada-sushi.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:21Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2c5-d8d4-46c2-8545-02fc950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:21.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:21.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'okada-sushi.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:21Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2c6-9dd8-4eff-bb9f-43c8950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:22.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:22.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:22Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:22Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2c6-9dd8-4eff-bb9f-43c8950d210f",
|
|
|
|
"ipv4-addr--59b7f2c6-9dd8-4eff-bb9f-43c8950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2c6-9dd8-4eff-bb9f-43c8950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2c6-9dd8-4eff-bb9f-43c8950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2c6-9dd8-4eff-bb9f-43c8950d210f",
|
|
|
|
"value": "59.106.106.3"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2c6-4a88-4d5d-840e-4ce2950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:22.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:22.000Z",
|
|
|
|
"pattern": "[url:value = 'http://onlinegolfwinkel.nl/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:22Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2c6-8348-462f-894c-4da8950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:22.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:22.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'onlinegolfwinkel.nl']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:22Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2c7-aa50-47e2-b9be-41a6950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:23.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:23.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:23Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:23Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2c7-aa50-47e2-b9be-41a6950d210f",
|
|
|
|
"ipv4-addr--59b7f2c7-aa50-47e2-b9be-41a6950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2c7-aa50-47e2-b9be-41a6950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2c7-aa50-47e2-b9be-41a6950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2c7-aa50-47e2-b9be-41a6950d210f",
|
|
|
|
"value": "81.26.213.24"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2c7-97f8-4a3a-8437-4126950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:23.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:23.000Z",
|
|
|
|
"pattern": "[url:value = 'http://onmat.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:23Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2c7-b50c-41fc-8807-440d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:23.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:23.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'onmat.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:23Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2c8-d488-4890-b41f-445e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:24.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:24.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:24Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:24Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2c8-d488-4890-b41f-445e950d210f",
|
|
|
|
"ipv4-addr--59b7f2c8-d488-4890-b41f-445e950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2c8-d488-4890-b41f-445e950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2c8-d488-4890-b41f-445e950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2c8-d488-4890-b41f-445e950d210f",
|
|
|
|
"value": "64.6.250.125"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2c8-df00-4149-8c6c-461d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:24.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:24.000Z",
|
|
|
|
"pattern": "[url:value = 'http://palestraeuropa.it/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2c8-61d8-401e-a8b7-4730950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:24.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:24.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'palestraeuropa.it']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:24Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2c8-28f0-4ead-b5ab-4395950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:24.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:24.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:24Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:24Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2c8-28f0-4ead-b5ab-4395950d210f",
|
|
|
|
"ipv4-addr--59b7f2c8-28f0-4ead-b5ab-4395950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2c8-28f0-4ead-b5ab-4395950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2c8-28f0-4ead-b5ab-4395950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2c8-28f0-4ead-b5ab-4395950d210f",
|
|
|
|
"value": "193.254.241.230"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2c9-2ae0-4736-b460-40b8950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:25.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:25.000Z",
|
|
|
|
"pattern": "[url:value = 'http://parranda.uz/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:25Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2c9-721c-4874-9d19-02fc950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:25.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:25.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'parranda.uz']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:25Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2c9-5464-4bea-a2db-491d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:25.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:25.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:25Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:25Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2c9-5464-4bea-a2db-491d950d210f",
|
|
|
|
"ipv4-addr--59b7f2c9-5464-4bea-a2db-491d950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2c9-5464-4bea-a2db-491d950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2c9-5464-4bea-a2db-491d950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2c9-5464-4bea-a2db-491d950d210f",
|
|
|
|
"value": "62.209.133.18"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2ca-4af0-41a6-83f7-48f2950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:26.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:26.000Z",
|
|
|
|
"pattern": "[url:value = 'http://partnership-agreement.co.uk/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2ca-439c-45f6-9422-46f9950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:26.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:26.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'partnership-agreement.co.uk']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2ca-3260-40b9-8a7f-4ae6950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:26.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:26.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:26Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:26Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2ca-3260-40b9-8a7f-4ae6950d210f",
|
|
|
|
"ipv4-addr--59b7f2ca-3260-40b9-8a7f-4ae6950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2ca-3260-40b9-8a7f-4ae6950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2ca-3260-40b9-8a7f-4ae6950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2ca-3260-40b9-8a7f-4ae6950d210f",
|
|
|
|
"value": "109.203.122.2"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2ca-0e24-4cd1-a019-47d9950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:26.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:26.000Z",
|
|
|
|
"pattern": "[url:value = 'http://parts-direct-uk.co.uk/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:26Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2cb-0028-473e-8a11-4578950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:27.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:27.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'parts-direct-uk.co.uk']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2cb-2ee8-4fc8-b214-48da950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:27.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:27.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:27Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:27Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2cb-2ee8-4fc8-b214-48da950d210f",
|
|
|
|
"ipv4-addr--59b7f2cb-2ee8-4fc8-b214-48da950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2cb-2ee8-4fc8-b214-48da950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2cb-2ee8-4fc8-b214-48da950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2cb-2ee8-4fc8-b214-48da950d210f",
|
|
|
|
"value": "217.160.253.3"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2cb-b8d0-4208-abd7-4629950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:27.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:27.000Z",
|
|
|
|
"pattern": "[url:value = 'http://perryroadrecords.co.uk/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2cb-a228-40cc-a5de-4007950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:27.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:27.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'perryroadrecords.co.uk']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:27Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2cc-2ef4-439a-aade-45a1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:27.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:27.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:27Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:27Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2cc-2ef4-439a-aade-45a1950d210f",
|
|
|
|
"ipv4-addr--59b7f2cc-2ef4-439a-aade-45a1950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2cc-2ef4-439a-aade-45a1950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2cc-2ef4-439a-aade-45a1950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2cc-2ef4-439a-aade-45a1950d210f",
|
|
|
|
"value": "78.109.169.56"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2cc-dafc-4f98-93d4-4787950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:28.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:28.000Z",
|
|
|
|
"pattern": "[url:value = 'http://poswin.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2cc-2230-4b57-97d5-4c3e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:28.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:28.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'poswin.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2cc-9264-42f3-9283-02fc950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:28.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:28.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:28Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:28Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2cc-9264-42f3-9283-02fc950d210f",
|
|
|
|
"ipv4-addr--59b7f2cc-9264-42f3-9283-02fc950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2cc-9264-42f3-9283-02fc950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2cc-9264-42f3-9283-02fc950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2cc-9264-42f3-9283-02fc950d210f",
|
|
|
|
"value": "91.121.133.16"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2cc-3680-4339-b5bf-4298950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:28.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:28.000Z",
|
|
|
|
"pattern": "[url:value = 'http://proteinmarker.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:28Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2cd-ea6c-405b-af31-4bcc950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:29.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:29.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'proteinmarker.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:29Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2cd-3fdc-47c8-b7aa-4051950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:29.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:29.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:29Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:29Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2cd-3fdc-47c8-b7aa-4051950d210f",
|
|
|
|
"ipv4-addr--59b7f2cd-3fdc-47c8-b7aa-4051950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2cd-3fdc-47c8-b7aa-4051950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2cd-3fdc-47c8-b7aa-4051950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2cd-3fdc-47c8-b7aa-4051950d210f",
|
|
|
|
"value": "66.36.160.116"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2cd-753c-4cd9-b495-49a9950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:29.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:29.000Z",
|
|
|
|
"pattern": "[url:value = 'http://protoncancercenters.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:29Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2ce-eca0-4908-9a54-4c2e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:30.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:30.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'protoncancercenters.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:30Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2ce-c2e8-415e-974e-4f4b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:30.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:30.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:30Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:30Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2ce-c2e8-415e-974e-4f4b950d210f",
|
|
|
|
"ipv4-addr--59b7f2ce-c2e8-415e-974e-4f4b950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2ce-c2e8-415e-974e-4f4b950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2ce-c2e8-415e-974e-4f4b950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2ce-c2e8-415e-974e-4f4b950d210f",
|
|
|
|
"value": "67.21.115.77"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2ce-7bfc-4f39-8bff-4620950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:30.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:30.000Z",
|
|
|
|
"pattern": "[url:value = 'http://pspcny.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:30Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2cf-ce98-4af7-b55a-462f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:31.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:31.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'pspcny.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2cf-e0e4-4608-b3b6-46fe950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:31.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:31.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:31Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:31Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2cf-e0e4-4608-b3b6-46fe950d210f",
|
|
|
|
"ipv4-addr--59b7f2cf-e0e4-4608-b3b6-46fe950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2cf-e0e4-4608-b3b6-46fe950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2cf-e0e4-4608-b3b6-46fe950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2cf-e0e4-4608-b3b6-46fe950d210f",
|
|
|
|
"value": "162.212.87.74"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2cf-ffb8-4254-8890-461f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:31.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:31.000Z",
|
|
|
|
"pattern": "[url:value = 'http://rafaelgalindo.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2cf-dc40-41cf-8a1f-4bf8950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:31.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:31.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'rafaelgalindo.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2d0-6c14-4e7c-b0e7-4da5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:32.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:32.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:32Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:32Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2d0-6c14-4e7c-b0e7-4da5950d210f",
|
|
|
|
"ipv4-addr--59b7f2d0-6c14-4e7c-b0e7-4da5950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2d0-6c14-4e7c-b0e7-4da5950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2d0-6c14-4e7c-b0e7-4da5950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2d0-6c14-4e7c-b0e7-4da5950d210f",
|
|
|
|
"value": "94.23.224.229"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2d0-1974-4b74-b80b-459d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:32.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:32.000Z",
|
|
|
|
"pattern": "[url:value = 'http://rancherovillagecircle.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:32Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2d0-a810-4fa5-bada-4e78950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:32.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:32.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'rancherovillagecircle.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:32Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2d1-75c4-42a2-b555-4e42950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:33.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:33.000Z",
|
|
|
|
"pattern": "[url:value = 'http://rec-tec-ccr.nl/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2d1-a718-4340-b133-43c9950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:33.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:33.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'rec-tec-ccr.nl']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2d1-1e74-4011-adb2-4f90950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:33.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:33.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:33Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:33Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2d1-1e74-4011-adb2-4f90950d210f",
|
|
|
|
"ipv4-addr--59b7f2d1-1e74-4011-adb2-4f90950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2d1-1e74-4011-adb2-4f90950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2d1-1e74-4011-adb2-4f90950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2d1-1e74-4011-adb2-4f90950d210f",
|
|
|
|
"value": "46.235.44.98"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2d1-3084-4c4a-bbfe-4cf0950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:33.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:33.000Z",
|
|
|
|
"pattern": "[url:value = 'http://regardsurlatrisomie21.org/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:33Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2d2-6758-4bc2-a8b5-486c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:34.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:34.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'regardsurlatrisomie21.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:34Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2d2-0be0-4038-bcec-48b0950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:34.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:34.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:34Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:34Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2d2-0be0-4038-bcec-48b0950d210f",
|
|
|
|
"ipv4-addr--59b7f2d2-0be0-4038-bcec-48b0950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2d2-0be0-4038-bcec-48b0950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2d2-0be0-4038-bcec-48b0950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2d2-0be0-4038-bcec-48b0950d210f",
|
|
|
|
"value": "178.33.47.110"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2d2-9a78-499d-8205-44c3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:34.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:34.000Z",
|
|
|
|
"pattern": "[url:value = 'http://rentwestq.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:34Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2d2-4344-4c90-bad1-4759950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:34.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:34.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'rentwestq.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:34Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2d3-1954-4977-b254-4663950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:35.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:35.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:35Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:35Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2d3-1954-4977-b254-4663950d210f",
|
|
|
|
"ipv4-addr--59b7f2d3-1954-4977-b254-4663950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2d3-1954-4977-b254-4663950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2d3-1954-4977-b254-4663950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2d3-1954-4977-b254-4663950d210f",
|
|
|
|
"value": "98.124.251.65"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2d3-a6f8-4a07-a83d-4729950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:35.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:35.000Z",
|
|
|
|
"pattern": "[url:value = 'http://resincreations.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:35Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2d3-46d0-4d31-bed2-432c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:35.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:35.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'resincreations.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:35Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2d3-fb74-49d9-bf1d-4c5b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:35.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:35.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:35Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:35Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2d3-fb74-49d9-bf1d-4c5b950d210f",
|
|
|
|
"ipv4-addr--59b7f2d3-fb74-49d9-bf1d-4c5b950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2d3-fb74-49d9-bf1d-4c5b950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2d3-fb74-49d9-bf1d-4c5b950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2d3-fb74-49d9-bf1d-4c5b950d210f",
|
|
|
|
"value": "184.168.74.13"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2d4-4714-42da-936a-49ce950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:36.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:36.000Z",
|
|
|
|
"pattern": "[url:value = 'http://riinfo.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:36Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2d4-ddd0-4619-8c17-40a3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:36.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:36.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'riinfo.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:36Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2d4-ac94-47f4-b270-4d4f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:36.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:36.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:36Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:36Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2d4-ac94-47f4-b270-4d4f950d210f",
|
|
|
|
"ipv4-addr--59b7f2d4-ac94-47f4-b270-4d4f950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2d4-ac94-47f4-b270-4d4f950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2d4-ac94-47f4-b270-4d4f950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2d4-ac94-47f4-b270-4d4f950d210f",
|
|
|
|
"value": "98.124.251.74"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2d4-5364-4af4-aa70-4f3c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:36.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:36.000Z",
|
|
|
|
"pattern": "[url:value = 'http://rocknsoulamerica.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:36Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2d5-08c0-4d91-b027-40f9950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:37.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:37.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'rocknsoulamerica.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:37Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2d5-ee54-4048-b393-4378950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:37.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:37.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:37Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:37Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2d5-ee54-4048-b393-4378950d210f",
|
|
|
|
"ipv4-addr--59b7f2d5-ee54-4048-b393-4378950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2d5-ee54-4048-b393-4378950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2d5-ee54-4048-b393-4378950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2d5-ee54-4048-b393-4378950d210f",
|
|
|
|
"value": "98.124.251.166"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2d5-0d48-424e-9713-4835950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:37.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:37.000Z",
|
|
|
|
"pattern": "[url:value = 'http://rossfranklinarchitecture.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:37Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2d6-f34c-4b25-a388-40da950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:38.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:38.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'rossfranklinarchitecture.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:38Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2d6-4ab8-46c3-87d5-45a7950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:38.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:38.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:38Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:38Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2d6-4ab8-46c3-87d5-45a7950d210f",
|
|
|
|
"ipv4-addr--59b7f2d6-4ab8-46c3-87d5-45a7950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2d6-4ab8-46c3-87d5-45a7950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2d6-4ab8-46c3-87d5-45a7950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2d6-4ab8-46c3-87d5-45a7950d210f",
|
|
|
|
"value": "103.53.172.3"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2d6-d968-4219-9ab8-4fa4950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:38.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:38.000Z",
|
|
|
|
"pattern": "[url:value = 'http://rubybuilders.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:38Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2d7-3314-4f5b-a055-45d0950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:39.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:39.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'rubybuilders.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2d7-3a90-4dca-9e2e-4695950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:39.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:39.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:39Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:39Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2d7-3a90-4dca-9e2e-4695950d210f",
|
|
|
|
"ipv4-addr--59b7f2d7-3a90-4dca-9e2e-4695950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2d7-3a90-4dca-9e2e-4695950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2d7-3a90-4dca-9e2e-4695950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2d7-3a90-4dca-9e2e-4695950d210f",
|
|
|
|
"value": "216.53.144.11"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2d7-d6d8-43af-9c0b-4c34950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:39.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:39.000Z",
|
|
|
|
"pattern": "[url:value = 'http://rudymiles.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2d8-1a00-4797-841a-4f1d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:39.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:39.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'rudymiles.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:39Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2d8-abc4-46d8-9149-4978950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:40.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:40.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:40Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:40Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2d8-abc4-46d8-9149-4978950d210f",
|
|
|
|
"ipv4-addr--59b7f2d8-abc4-46d8-9149-4978950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2d8-abc4-46d8-9149-4978950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2d8-abc4-46d8-9149-4978950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2d8-abc4-46d8-9149-4978950d210f",
|
|
|
|
"value": "67.227.236.178"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2d8-687c-47da-ac59-40c3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:40.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:40.000Z",
|
|
|
|
"pattern": "[url:value = 'http://r-watch.gpatpa.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:40Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2d8-c890-4bc8-b017-02fc950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:40.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:40.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'r-watch.gpatpa.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:40Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2d9-1628-44c6-bc54-457e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:41.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:41.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:41Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:41Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2d9-1628-44c6-bc54-457e950d210f",
|
|
|
|
"ipv4-addr--59b7f2d9-1628-44c6-bc54-457e950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2d9-1628-44c6-bc54-457e950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2d9-1628-44c6-bc54-457e950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2d9-1628-44c6-bc54-457e950d210f",
|
|
|
|
"value": "206.214.165.35"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2d9-c7f4-416d-addf-465d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:41.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:41.000Z",
|
|
|
|
"pattern": "[url:value = 'http://safetreehunt.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2d9-8a88-463c-9c74-43b6950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:41.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:41.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'safetreehunt.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:41Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2da-0e50-4614-b5a1-4a25950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:42.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:42.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:42Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:42Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2da-0e50-4614-b5a1-4a25950d210f",
|
|
|
|
"ipv4-addr--59b7f2da-0e50-4614-b5a1-4a25950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2da-0e50-4614-b5a1-4a25950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2da-0e50-4614-b5a1-4a25950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2da-0e50-4614-b5a1-4a25950d210f",
|
|
|
|
"value": "198.54.126.51"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2da-4b10-4fc3-8484-4f53950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:42.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:42.000Z",
|
|
|
|
"pattern": "[url:value = 'http://schlupfwespen.org/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:42Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2da-58f0-459b-8279-4fac950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:42.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:42.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'schlupfwespen.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:42Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2db-aff8-459d-9e2f-4b96950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:43.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:43.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:43Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:43Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2db-aff8-459d-9e2f-4b96950d210f",
|
|
|
|
"ipv4-addr--59b7f2db-aff8-459d-9e2f-4b96950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2db-aff8-459d-9e2f-4b96950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2db-aff8-459d-9e2f-4b96950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2db-aff8-459d-9e2f-4b96950d210f",
|
|
|
|
"value": "85.25.185.254"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2db-f200-45db-8950-406b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:43.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:43.000Z",
|
|
|
|
"pattern": "[url:value = 'http://schmecksymama.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:43Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2db-498c-46af-abaa-43e5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:43.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:43.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'schmecksymama.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:43Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2dc-5f2c-4d37-aef1-4465950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:44.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:44.000Z",
|
|
|
|
"pattern": "[url:value = 'http://servidorinformatica.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:44Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2dc-83dc-40c1-9b64-4ec7950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:44.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:44.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'servidorinformatica.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:44Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2dc-53b0-4435-a751-02fc950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:44.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:44.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:44Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:44Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2dc-53b0-4435-a751-02fc950d210f",
|
|
|
|
"ipv4-addr--59b7f2dc-53b0-4435-a751-02fc950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2dc-53b0-4435-a751-02fc950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2dc-53b0-4435-a751-02fc950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2dc-53b0-4435-a751-02fc950d210f",
|
|
|
|
"value": "80.172.241.35"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2dc-6558-4888-975f-44cd950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:44.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:44.000Z",
|
|
|
|
"pattern": "[url:value = 'http://slopanthers.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:44Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2dd-1b4c-4c20-8d7f-4c6c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:45.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:45.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'slopanthers.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:45Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2dd-73fc-466d-b0c4-4351950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:45.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:45.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:45Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:45Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2dd-73fc-466d-b0c4-4351950d210f",
|
|
|
|
"ipv4-addr--59b7f2dd-73fc-466d-b0c4-4351950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2dd-73fc-466d-b0c4-4351950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2dd-73fc-466d-b0c4-4351950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2dd-73fc-466d-b0c4-4351950d210f",
|
|
|
|
"value": "208.79.200.84"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2dd-5570-4460-8727-4876950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:45.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:45.000Z",
|
|
|
|
"pattern": "[url:value = 'http://slypark.gotnet.net/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:45Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2dd-1ae8-47e3-9e3d-4eba950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:45.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:45.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'slypark.gotnet.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:45Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2de-4940-4aee-b205-4afc950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:46.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:46.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:46Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:46Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2de-4940-4aee-b205-4afc950d210f",
|
|
|
|
"ipv4-addr--59b7f2de-4940-4aee-b205-4afc950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2de-4940-4aee-b205-4afc950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2de-4940-4aee-b205-4afc950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2de-4940-4aee-b205-4afc950d210f",
|
|
|
|
"value": "66.81.32.12"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2de-7784-4802-887a-43db950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:46.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:46.000Z",
|
|
|
|
"pattern": "[url:value = 'http://smart-soft.pl/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:46Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2df-cb50-4d19-aba2-4b8b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:47.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:47.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'smart-soft.pl']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:47Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2df-7f28-4cc9-96c8-4493950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:47.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:47.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:47Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:47Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2df-7f28-4cc9-96c8-4493950d210f",
|
|
|
|
"ipv4-addr--59b7f2df-7f28-4cc9-96c8-4493950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2df-7f28-4cc9-96c8-4493950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2df-7f28-4cc9-96c8-4493950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2df-7f28-4cc9-96c8-4493950d210f",
|
|
|
|
"value": "91.121.175.92"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2df-0d20-4f31-bd0b-4388950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:47.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:47.000Z",
|
|
|
|
"pattern": "[url:value = 'http://spazioireos.it/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:47Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2df-e270-4516-8dcd-498b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:47.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:47.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'spazioireos.it']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:47Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2e0-38a8-49ea-a767-49b6950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:48.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:48.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:48Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:48Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2e0-38a8-49ea-a767-49b6950d210f",
|
|
|
|
"ipv4-addr--59b7f2e0-38a8-49ea-a767-49b6950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2e0-38a8-49ea-a767-49b6950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2e0-38a8-49ea-a767-49b6950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2e0-38a8-49ea-a767-49b6950d210f",
|
|
|
|
"value": "81.29.205.233"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2e0-9f44-4b5e-a669-02fc950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:48.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:48.000Z",
|
|
|
|
"pattern": "[url:value = 'http://stichtingeigenmuziekinstrument.nl/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:48Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2e0-9988-458f-b46c-41cb950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:48.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:48.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'stichtingeigenmuziekinstrument.nl']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:48Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2e0-dca4-48f0-a1c7-42db950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:48.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:48.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:48Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:48Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2e0-dca4-48f0-a1c7-42db950d210f",
|
|
|
|
"ipv4-addr--59b7f2e0-dca4-48f0-a1c7-42db950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2e0-dca4-48f0-a1c7-42db950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2e0-dca4-48f0-a1c7-42db950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2e0-dca4-48f0-a1c7-42db950d210f",
|
|
|
|
"value": "62.212.152.100"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2e0-f2e0-4eec-92a0-4d1c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:48.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:48.000Z",
|
|
|
|
"pattern": "[url:value = 'http://subjectk.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:48Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2e1-1e1c-4d36-90a5-4776950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:49.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:49.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'subjectk.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:49Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2e1-dc50-4b10-a40e-4146950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:49.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:49.000Z",
|
|
|
|
"pattern": "[url:value = 'http://tagesmutter-regina.de/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:49Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2e1-a2c4-47de-8922-4f85950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:49.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:49.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'tagesmutter-regina.de']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:49Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2e2-5b00-4c11-9e2d-4b13950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:50.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:50.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:50Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:50Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2e2-5b00-4c11-9e2d-4b13950d210f",
|
|
|
|
"ipv4-addr--59b7f2e2-5b00-4c11-9e2d-4b13950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2e2-5b00-4c11-9e2d-4b13950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2e2-5b00-4c11-9e2d-4b13950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2e2-5b00-4c11-9e2d-4b13950d210f",
|
|
|
|
"value": "194.116.187.130"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2e2-1a88-4f77-968e-4eff950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:50.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:50.000Z",
|
|
|
|
"pattern": "[url:value = 'http://tailer.it/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:50Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2e2-114c-4e7a-bb6e-4115950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:50.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:50.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'tailer.it']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:50Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2e3-6cfc-4433-9db7-40cb950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:51.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:51.000Z",
|
|
|
|
"pattern": "[url:value = 'http://tarimsalteknoloji.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2e3-3b1c-4e63-b663-4d3b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:51.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:51.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'tarimsalteknoloji.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2e3-bfd4-450d-baee-4b35950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:51.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:51.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:51Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:51Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2e3-bfd4-450d-baee-4b35950d210f",
|
|
|
|
"ipv4-addr--59b7f2e3-bfd4-450d-baee-4b35950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2e3-bfd4-450d-baee-4b35950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2e3-bfd4-450d-baee-4b35950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2e3-bfd4-450d-baee-4b35950d210f",
|
|
|
|
"value": "185.150.128.21"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2e3-e9ec-4bfa-9f81-02fc950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:51.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:51.000Z",
|
|
|
|
"pattern": "[url:value = 'http://techknowlogix.net/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:51Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2e4-299c-4888-a39e-4704950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:52.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:52.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'techknowlogix.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2e4-c014-432a-aaab-4cf5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:52.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:52.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:52Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:52Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2e4-c014-432a-aaab-4cf5950d210f",
|
|
|
|
"ipv4-addr--59b7f2e4-c014-432a-aaab-4cf5950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2e4-c014-432a-aaab-4cf5950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2e4-c014-432a-aaab-4cf5950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2e4-c014-432a-aaab-4cf5950d210f",
|
|
|
|
"value": "98.124.251.72"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2e4-a2e4-4bca-afc0-44e7950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:52.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:52.000Z",
|
|
|
|
"pattern": "[url:value = 'http://thailand-reiseberichte.de/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2e4-3a64-4b7e-9a39-4d2a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:52.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:52.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'thailand-reiseberichte.de']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:52Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2e5-72a4-4201-a577-46bf950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:53.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:53.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:53Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:53Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2e5-72a4-4201-a577-46bf950d210f",
|
|
|
|
"ipv4-addr--59b7f2e5-72a4-4201-a577-46bf950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2e5-72a4-4201-a577-46bf950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2e5-72a4-4201-a577-46bf950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2e5-72a4-4201-a577-46bf950d210f",
|
|
|
|
"value": "87.106.160.232"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2e5-61dc-4cf1-a704-461b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:53.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:53.000Z",
|
|
|
|
"pattern": "[url:value = 'http://thecoolshopper.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:53Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2e5-9de0-440f-8e51-4c0f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:53.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:53.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'thecoolshopper.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:53Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2e6-256c-4d86-bb13-450d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:54.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:54.000Z",
|
|
|
|
"pattern": "[url:value = 'http://thegritchens.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:54Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2e6-aebc-494d-ab50-46bd950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:54.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:54.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'thegritchens.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:54Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2e6-11d4-49ef-b221-4ee1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:54.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:54.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:54Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:54Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2e6-11d4-49ef-b221-4ee1950d210f",
|
|
|
|
"ipv4-addr--59b7f2e6-11d4-49ef-b221-4ee1950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2e6-11d4-49ef-b221-4ee1950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2e6-11d4-49ef-b221-4ee1950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2e6-11d4-49ef-b221-4ee1950d210f",
|
|
|
|
"value": "208.79.200.129"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2e6-fad4-43ae-837d-425f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:54.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:54.000Z",
|
|
|
|
"pattern": "[url:value = 'http://thermaspa.gr/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:54Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2e7-e264-4fd6-8ac7-489a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:55.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:55.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'thermaspa.gr']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2e7-1c50-4bc8-aae4-02fc950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:55.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:55.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:55Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:55Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2e7-1c50-4bc8-aae4-02fc950d210f",
|
|
|
|
"ipv4-addr--59b7f2e7-1c50-4bc8-aae4-02fc950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2e7-1c50-4bc8-aae4-02fc950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2e7-1c50-4bc8-aae4-02fc950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2e7-1c50-4bc8-aae4-02fc950d210f",
|
|
|
|
"value": "136.243.22.31"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2e7-cb00-4000-b621-4729950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:55.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:55.000Z",
|
|
|
|
"pattern": "[url:value = 'http://theservantsqrtrs.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:55Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2e8-b4e4-4629-98c4-4bf4950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:56.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:56.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'theservantsqrtrs.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:56Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2e8-0eb0-4f9d-9fad-4e72950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:56.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:56.000Z",
|
|
|
|
"pattern": "[url:value = 'http://theshearersquarters.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:56Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2e8-a4ac-4dd2-936f-4fb3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:56.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:56.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'theshearersquarters.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:56Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2e9-536c-4b69-bc90-4065950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:57.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:57.000Z",
|
|
|
|
"pattern": "[url:value = 'http://timmah.users.whitehat.dk/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2e9-a18c-486d-8507-4e9c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:57.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:57.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'timmah.users.whitehat.dk']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2e9-3bd4-4639-b9dd-4673950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:57.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:57.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:57Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:57Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2e9-3bd4-4639-b9dd-4673950d210f",
|
|
|
|
"ipv4-addr--59b7f2e9-3bd4-4639-b9dd-4673950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2e9-3bd4-4639-b9dd-4673950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2e9-3bd4-4639-b9dd-4673950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2e9-3bd4-4639-b9dd-4673950d210f",
|
|
|
|
"value": "91.221.196.222"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2e9-a4f0-4903-9f74-4e0a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:57.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:57.000Z",
|
|
|
|
"pattern": "[url:value = 'http://tns-consult.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2e9-1238-4ea9-926a-4960950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:57.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:57.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'tns-consult.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:57Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2ea-4fe0-465e-b024-4aba950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:58.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:58.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:58Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:58Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2ea-4fe0-465e-b024-4aba950d210f",
|
|
|
|
"ipv4-addr--59b7f2ea-4fe0-465e-b024-4aba950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2ea-4fe0-465e-b024-4aba950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2ea-4fe0-465e-b024-4aba950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2ea-4fe0-465e-b024-4aba950d210f",
|
|
|
|
"value": "98.124.252.132"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2ea-f6c4-4aa2-a677-40b5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:58.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:58.000Z",
|
|
|
|
"pattern": "[url:value = 'http://tofolmartinez.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:58Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2ea-20b4-4224-9cd7-4ff5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:58.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:58.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'tofolmartinez.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:58Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2ea-6cf4-46c9-899b-487e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:58.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:58.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:58Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:58Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2ea-6cf4-46c9-899b-487e950d210f",
|
|
|
|
"ipv4-addr--59b7f2ea-6cf4-46c9-899b-487e950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2ea-6cf4-46c9-899b-487e950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2ea-6cf4-46c9-899b-487e950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2ea-6cf4-46c9-899b-487e950d210f",
|
|
|
|
"value": "82.98.139.51"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2eb-7824-4fcf-8e56-48ff950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:59.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:59.000Z",
|
|
|
|
"pattern": "[url:value = 'http://trapiantivarese.org/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2eb-b9cc-436b-b22d-4dde950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:59.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:59.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'trapiantivarese.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2eb-2fc8-4433-908c-437c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:59.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:59.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:44:59Z",
|
|
|
|
"last_observed": "2017-09-12T14:44:59Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2eb-2fc8-4433-908c-437c950d210f",
|
|
|
|
"ipv4-addr--59b7f2eb-2fc8-4433-908c-437c950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2eb-2fc8-4433-908c-437c950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2eb-2fc8-4433-908c-437c950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2eb-2fc8-4433-908c-437c950d210f",
|
|
|
|
"value": "151.1.129.127"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2eb-61bc-4b36-b712-41c3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:59.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:59.000Z",
|
|
|
|
"pattern": "[url:value = 'http://travelland.lt/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2eb-ea3c-4aa0-80f2-409e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:44:59.000Z",
|
|
|
|
"modified": "2017-09-12T14:44:59.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'travelland.lt']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:44:59Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2ec-3e88-4cc4-84bb-47b4950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:45:00.000Z",
|
|
|
|
"modified": "2017-09-12T14:45:00.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:45:00Z",
|
|
|
|
"last_observed": "2017-09-12T14:45:00Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2ec-3e88-4cc4-84bb-47b4950d210f",
|
|
|
|
"ipv4-addr--59b7f2ec-3e88-4cc4-84bb-47b4950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2ec-3e88-4cc4-84bb-47b4950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2ec-3e88-4cc4-84bb-47b4950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2ec-3e88-4cc4-84bb-47b4950d210f",
|
|
|
|
"value": "92.61.36.45"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2ec-00a4-46cb-8fbf-4080950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:45:00.000Z",
|
|
|
|
"modified": "2017-09-12T14:45:00.000Z",
|
|
|
|
"pattern": "[url:value = 'http://treasuresgiftbook.com/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:45:00Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2ec-0d0c-4fd4-ae57-4455950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:45:00.000Z",
|
|
|
|
"modified": "2017-09-12T14:45:00.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'treasuresgiftbook.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:45:00Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2ed-6fa8-4e8f-a691-420b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:45:01.000Z",
|
|
|
|
"modified": "2017-09-12T14:45:01.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:45:01Z",
|
|
|
|
"last_observed": "2017-09-12T14:45:01Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2ed-6fa8-4e8f-a691-420b950d210f",
|
|
|
|
"ipv4-addr--59b7f2ed-6fa8-4e8f-a691-420b950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2ed-6fa8-4e8f-a691-420b950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2ed-6fa8-4e8f-a691-420b950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2ed-6fa8-4e8f-a691-420b950d210f",
|
|
|
|
"value": "184.168.22.47"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2ed-0ad4-45fe-889b-45d4950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:45:01.000Z",
|
|
|
|
"modified": "2017-09-12T14:45:01.000Z",
|
|
|
|
"pattern": "[url:value = 'http://truhlarstvi-bezdeka.cz/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:45:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2ed-bca8-4caa-96fc-4d6f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:45:01.000Z",
|
|
|
|
"modified": "2017-09-12T14:45:01.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'truhlarstvi-bezdeka.cz']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:45:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2ed-6e88-4b7e-8e13-4b85950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:45:01.000Z",
|
|
|
|
"modified": "2017-09-12T14:45:01.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:45:01Z",
|
|
|
|
"last_observed": "2017-09-12T14:45:01Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2ed-6e88-4b7e-8e13-4b85950d210f",
|
|
|
|
"ipv4-addr--59b7f2ed-6e88-4b7e-8e13-4b85950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2ed-6e88-4b7e-8e13-4b85950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2ed-6e88-4b7e-8e13-4b85950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2ed-6e88-4b7e-8e13-4b85950d210f",
|
|
|
|
"value": "77.48.30.87"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2ed-1990-46de-9d4a-4c83950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:45:01.000Z",
|
|
|
|
"modified": "2017-09-12T14:45:01.000Z",
|
|
|
|
"pattern": "[url:value = 'http://turfschiploge.nl/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:45:01Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2ee-278c-4b75-a0c2-44c2950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:45:02.000Z",
|
|
|
|
"modified": "2017-09-12T14:45:02.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'turfschiploge.nl']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:45:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2ee-7e68-4fde-97f9-4d31950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:45:02.000Z",
|
|
|
|
"modified": "2017-09-12T14:45:02.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:45:02Z",
|
|
|
|
"last_observed": "2017-09-12T14:45:02Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2ee-7e68-4fde-97f9-4d31950d210f",
|
|
|
|
"ipv4-addr--59b7f2ee-7e68-4fde-97f9-4d31950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2ee-7e68-4fde-97f9-4d31950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2ee-7e68-4fde-97f9-4d31950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2ee-7e68-4fde-97f9-4d31950d210f",
|
|
|
|
"value": "46.235.43.11"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2ee-db00-4cef-a9ef-4548950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:45:02.000Z",
|
|
|
|
"modified": "2017-09-12T14:45:02.000Z",
|
|
|
|
"pattern": "[url:value = 'http://wohnungen-detailliert.de/AmazonSignIn.html']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:45:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2ee-2ea4-4db4-9141-4c55950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:45:02.000Z",
|
|
|
|
"modified": "2017-09-12T14:45:02.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'wohnungen-detailliert.de']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:45:02Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2ee-46d4-42e8-ae0d-4ad5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:45:02.000Z",
|
|
|
|
"modified": "2017-09-12T14:45:02.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:45:02Z",
|
|
|
|
"last_observed": "2017-09-12T14:45:02Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2ee-46d4-42e8-ae0d-4ad5950d210f",
|
|
|
|
"ipv4-addr--59b7f2ee-46d4-42e8-ae0d-4ad5950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2ee-46d4-42e8-ae0d-4ad5950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2ee-46d4-42e8-ae0d-4ad5950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2ee-46d4-42e8-ae0d-4ad5950d210f",
|
|
|
|
"value": "85.214.81.136"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2ef-0d6c-4b4f-8ab1-45b0950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:45:03.000Z",
|
|
|
|
"modified": "2017-09-12T14:45:03.000Z",
|
|
|
|
"pattern": "[url:value = 'http://wittinhohemmo.net/order.php']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:45:03Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2ef-6cf4-41c4-9a21-4e7f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:45:03.000Z",
|
|
|
|
"modified": "2017-09-12T14:45:03.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'wittinhohemmo.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:45:03Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2f4-6ae0-4c61-8ea8-4c1a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:45:08.000Z",
|
|
|
|
"modified": "2017-09-12T14:45:08.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:45:08Z",
|
|
|
|
"last_observed": "2017-09-12T14:45:08Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2f4-6ae0-4c61-8ea8-4c1a950d210f",
|
|
|
|
"ipv4-addr--59b7f2f4-6ae0-4c61-8ea8-4c1a950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2f4-6ae0-4c61-8ea8-4c1a950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2f4-6ae0-4c61-8ea8-4c1a950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2f4-6ae0-4c61-8ea8-4c1a950d210f",
|
|
|
|
"value": "47.88.55.29"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2f4-7e88-4838-b7ae-44f6950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:45:08.000Z",
|
|
|
|
"modified": "2017-09-12T14:45:08.000Z",
|
|
|
|
"pattern": "[url:value = 'http://ruisi.fr/ddokslf.exe']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:45:08Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2f5-9b08-4b1c-b578-40e4950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:45:09.000Z",
|
|
|
|
"modified": "2017-09-12T14:45:09.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'ruisi.fr']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:45:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2f5-0144-4eb6-bc46-4d5b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:45:09.000Z",
|
|
|
|
"modified": "2017-09-12T14:45:09.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:45:09Z",
|
|
|
|
"last_observed": "2017-09-12T14:45:09Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2f5-0144-4eb6-bc46-4d5b950d210f",
|
|
|
|
"ipv4-addr--59b7f2f5-0144-4eb6-bc46-4d5b950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2f5-0144-4eb6-bc46-4d5b950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2f5-0144-4eb6-bc46-4d5b950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2f5-0144-4eb6-bc46-4d5b950d210f",
|
|
|
|
"value": "195.154.227.5"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2f5-7db4-482e-bb36-4404950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:45:09.000Z",
|
|
|
|
"modified": "2017-09-12T14:45:09.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:45:09Z",
|
|
|
|
"last_observed": "2017-09-12T14:45:09Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"url--59b7f2f5-7db4-482e-bb36-4404950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "url",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "url--59b7f2f5-7db4-482e-bb36-4404950d210f",
|
|
|
|
"value": "http://217.106.238.89/imageload.cgi"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--59b7f2f5-80a8-4bb0-88d2-4e5d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:45:09.000Z",
|
|
|
|
"modified": "2017-09-12T14:45:09.000Z",
|
|
|
|
"first_observed": "2017-09-12T14:45:09Z",
|
|
|
|
"last_observed": "2017-09-12T14:45:09Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--59b7f2f5-80a8-4bb0-88d2-4e5d950d210f",
|
|
|
|
"ipv4-addr--59b7f2f5-80a8-4bb0-88d2-4e5d950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--59b7f2f5-80a8-4bb0-88d2-4e5d950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--59b7f2f5-80a8-4bb0-88d2-4e5d950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--59b7f2f5-80a8-4bb0-88d2-4e5d950d210f",
|
|
|
|
"value": "217.106.238.89"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2f5-baf4-45dc-bf5c-4299950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:45:09.000Z",
|
|
|
|
"modified": "2017-09-12T14:45:09.000Z",
|
|
|
|
"pattern": "[url:value = 'http://euqfwticrd.su/imageload.cgi']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:45:09Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2f6-ace8-47ba-8706-48bd950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:45:10.000Z",
|
|
|
|
"modified": "2017-09-12T14:45:10.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'euqfwticrd.su']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:45:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2f6-b5c8-4bd4-bd02-43b0950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:45:10.000Z",
|
|
|
|
"modified": "2017-09-12T14:45:10.000Z",
|
|
|
|
"pattern": "[url:value = 'http://qljsukddh.ru/imageload.cgi']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:45:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2f6-3e7c-4d5c-a3e7-4bc5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:45:10.000Z",
|
|
|
|
"modified": "2017-09-12T14:45:10.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'qljsukddh.ru']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:45:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2f6-961c-48dd-a916-4b26950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:45:10.000Z",
|
|
|
|
"modified": "2017-09-12T14:45:10.000Z",
|
|
|
|
"pattern": "[url:value = 'http://vbquoegxdqmhbs.work/imageload.cgi']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:45:10Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2f7-bc04-4116-9471-4df9950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:45:11.000Z",
|
|
|
|
"modified": "2017-09-12T14:45:11.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'vbquoegxdqmhbs.work']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:45:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2f7-238c-4f17-afdc-4957950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:45:11.000Z",
|
|
|
|
"modified": "2017-09-12T14:45:11.000Z",
|
|
|
|
"pattern": "[url:value = 'http://xpjsvwvxsbnv.biz/imageload.cgi']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:45:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2f7-7a78-4b67-8816-450b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:45:11.000Z",
|
|
|
|
"modified": "2017-09-12T14:45:11.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'xpjsvwvxsbnv.biz']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:45:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2f7-19f4-4d93-9884-424e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:45:11.000Z",
|
|
|
|
"modified": "2017-09-12T14:45:11.000Z",
|
|
|
|
"pattern": "[url:value = 'http://uoivdwisd.pl/imageload.cgi']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:45:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2f7-da40-46ee-a700-02fc950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:45:11.000Z",
|
|
|
|
"modified": "2017-09-12T14:45:11.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'uoivdwisd.pl']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:45:11Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2f8-1494-48f2-8aa7-4ffe950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:45:12.000Z",
|
|
|
|
"modified": "2017-09-12T14:45:12.000Z",
|
|
|
|
"pattern": "[url:value = 'http://dkbclsxl.su/imageload.cgi']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:45:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2f8-8e5c-4a14-ad33-4e6c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:45:12.000Z",
|
|
|
|
"modified": "2017-09-12T14:45:12.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'dkbclsxl.su']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:45:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2f8-9cbc-4db8-9057-48a1950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:45:12.000Z",
|
|
|
|
"modified": "2017-09-12T14:45:12.000Z",
|
|
|
|
"pattern": "[url:value = 'http://xsmoouv.su/imageload.cgi']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:45:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2f8-4fac-43be-b4e9-4b5c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:45:12.000Z",
|
|
|
|
"modified": "2017-09-12T14:45:12.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'xsmoouv.su']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:45:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2f8-349c-4d29-b262-4178950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:45:12.000Z",
|
|
|
|
"modified": "2017-09-12T14:45:12.000Z",
|
|
|
|
"pattern": "[url:value = 'http://lkqmqgbpdle.su/imageload.cgi']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:45:12Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2f9-d4d0-4055-8f0c-45ea950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:45:13.000Z",
|
|
|
|
"modified": "2017-09-12T14:45:13.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'lkqmqgbpdle.su']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:45:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2f9-49c8-4ab9-8800-4d41950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:45:13.000Z",
|
|
|
|
"modified": "2017-09-12T14:45:13.000Z",
|
|
|
|
"pattern": "[url:value = 'http://opwpsjnhkshl.xyz/imageload.cgi']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:45:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2f9-7ea4-4419-95b1-4485950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:45:13.000Z",
|
|
|
|
"modified": "2017-09-12T14:45:13.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'opwpsjnhkshl.xyz']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:45:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2f9-120c-4cf9-9518-4306950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:45:13.000Z",
|
|
|
|
"modified": "2017-09-12T14:45:13.000Z",
|
|
|
|
"pattern": "[url:value = 'http://bhetakwouno.info/imageload.cgi']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:45:13Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2fa-411c-4c26-8245-4e07950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:45:14.000Z",
|
|
|
|
"modified": "2017-09-12T14:45:14.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'bhetakwouno.info']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:45:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2fa-a554-45bd-99e1-02fc950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:45:14.000Z",
|
|
|
|
"modified": "2017-09-12T14:45:14.000Z",
|
|
|
|
"pattern": "[url:value = 'http://wnobheuejtidtiip.info/imageload.cgi']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:45:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2fa-87a4-45dd-9f2c-42b0950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:45:14.000Z",
|
|
|
|
"modified": "2017-09-12T14:45:14.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'wnobheuejtidtiip.info']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:45:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2fa-3adc-4dd8-b8b2-4b3b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:45:14.000Z",
|
|
|
|
"modified": "2017-09-12T14:45:14.000Z",
|
|
|
|
"pattern": "[url:value = 'http://ixgolywnbwvwmtu.org/imageload.cgi']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:45:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--59b7f2fa-c814-466a-baf8-4c63950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-09-12T14:45:14.000Z",
|
|
|
|
"modified": "2017-09-12T14:45:14.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'ixgolywnbwvwmtu.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-09-12T14:45:14Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "marking-definition",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
|
|
"definition_type": "tlp",
|
|
|
|
"name": "TLP:WHITE",
|
|
|
|
"definition": {
|
|
|
|
"tlp": "white"
|
|
|
|
}
|
|
|
|
}
]
}