{
"type": "bundle",
|
|
|
|
"id": "bundle--5950fd85-deb8-4a7d-92c9-4ba8950d210f",
|
|
|
|
"objects": [
|
|
|
|
{
|
|
|
|
"type": "identity",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-07-04T13:43:07.000Z",
|
|
|
|
"modified": "2017-07-04T13:43:07.000Z",
|
|
|
|
"name": "CIRCL",
|
|
|
|
"identity_class": "organization"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "report",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "report--5950fd85-deb8-4a7d-92c9-4ba8950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-07-04T13:43:07.000Z",
|
|
|
|
"modified": "2017-07-04T13:43:07.000Z",
|
|
|
|
"name": "M2M - Locky 2017-06-26 : Affid=3 : \"12_Invoice_3456\" - \"001_4321.zip\"",
|
|
|
|
"published": "2017-07-04T13:45:59Z",
|
|
|
|
"object_refs": [
|
|
|
|
"indicator--5950fd86-abac-4c0c-b3f0-837b950d210f",
|
|
|
|
"indicator--5950fd87-9678-41cc-b950-41f9950d210f",
|
|
|
|
"indicator--5950fd87-d248-43c1-8620-41e7950d210f",
|
|
|
|
"indicator--5950fd87-f124-46d3-b38f-4e37950d210f",
|
|
|
|
"observed-data--5950fd87-bf68-4e19-b00e-8c36950d210f",
|
|
|
|
"network-traffic--5950fd87-bf68-4e19-b00e-8c36950d210f",
|
|
|
|
"ipv4-addr--5950fd87-bf68-4e19-b00e-8c36950d210f",
|
|
|
|
"indicator--5950fd87-f0c0-4c46-8ad4-40dd950d210f",
|
|
|
|
"indicator--5950fd87-bed0-4bf6-af7e-4034950d210f",
|
|
|
|
"observed-data--5950fd88-e26c-4f11-ac94-d5c6950d210f",
|
|
|
|
"network-traffic--5950fd88-e26c-4f11-ac94-d5c6950d210f",
|
|
|
|
"ipv4-addr--5950fd88-e26c-4f11-ac94-d5c6950d210f",
|
|
|
|
"indicator--5950fd88-f208-4b4e-81e6-46a3950d210f",
|
|
|
|
"indicator--5950fd88-0538-4086-9da9-8c2d950d210f",
|
|
|
|
"observed-data--5950fd89-b440-4594-bc55-4170950d210f",
|
|
|
|
"network-traffic--5950fd89-b440-4594-bc55-4170950d210f",
|
|
|
|
"ipv4-addr--5950fd89-b440-4594-bc55-4170950d210f",
|
|
|
|
"indicator--5950fd89-44d0-492d-afcf-8380950d210f",
|
|
|
|
"indicator--5950fd89-d634-4e66-8d5f-da14950d210f",
|
|
|
|
"observed-data--5950fd8a-72b4-4a47-81a1-8c36950d210f",
|
|
|
|
"network-traffic--5950fd8a-72b4-4a47-81a1-8c36950d210f",
|
|
|
|
"ipv4-addr--5950fd8a-72b4-4a47-81a1-8c36950d210f",
|
|
|
|
"indicator--5950fd8a-98b4-4737-a311-46f3950d210f",
|
|
|
|
"indicator--5950fd8a-294c-4651-8c83-4a3b950d210f",
|
|
|
|
"observed-data--5950fd8a-1f8c-4cf6-895d-4da9950d210f",
|
|
|
|
"network-traffic--5950fd8a-1f8c-4cf6-895d-4da9950d210f",
|
|
|
|
"ipv4-addr--5950fd8a-1f8c-4cf6-895d-4da9950d210f",
|
|
|
|
"indicator--5950fd8b-3530-4859-9cc5-4e1c950d210f",
|
|
|
|
"indicator--5950fd8b-a0a0-424d-bbab-837b950d210f",
|
|
|
|
"observed-data--5950fd8b-e240-4b80-a31d-4002950d210f",
|
|
|
|
"network-traffic--5950fd8b-e240-4b80-a31d-4002950d210f",
|
|
|
|
"ipv4-addr--5950fd8b-e240-4b80-a31d-4002950d210f",
|
|
|
|
"observed-data--5950fd8b-4098-4630-85f0-8380950d210f",
|
|
|
|
"network-traffic--5950fd8b-4098-4630-85f0-8380950d210f",
|
|
|
|
"ipv4-addr--5950fd8b-4098-4630-85f0-8380950d210f",
|
|
|
|
"indicator--5950fd8b-ea3c-46a5-8175-da14950d210f",
|
|
|
|
"indicator--5950fd8b-3db8-45fd-86d1-45a2950d210f",
|
|
|
|
"observed-data--5950fd8d-ab04-4864-acca-8c2d950d210f",
|
|
|
|
"network-traffic--5950fd8d-ab04-4864-acca-8c2d950d210f",
|
|
|
|
"ipv4-addr--5950fd8d-ab04-4864-acca-8c2d950d210f",
|
|
|
|
"indicator--5950fd8d-987c-418e-a804-837b950d210f",
|
|
|
|
"indicator--5950fd8d-bf48-4bcc-82dc-4f0a950d210f",
|
|
|
|
"observed-data--5950fd8d-dbe8-4826-81e2-40b6950d210f",
|
|
|
|
"network-traffic--5950fd8d-dbe8-4826-81e2-40b6950d210f",
|
|
|
|
"ipv4-addr--5950fd8d-dbe8-4826-81e2-40b6950d210f",
|
|
|
|
"indicator--5950fd8e-53b4-4d69-937d-47de950d210f",
|
|
|
|
"indicator--5950fd8e-dd8c-4c9b-a7a2-8380950d210f",
|
|
|
|
"observed-data--5950fd8e-54d0-43d6-b623-407b950d210f",
|
|
|
|
"network-traffic--5950fd8e-54d0-43d6-b623-407b950d210f",
|
|
|
|
"ipv4-addr--5950fd8e-54d0-43d6-b623-407b950d210f",
|
|
|
|
"indicator--5950fd8e-2a34-4b50-9a57-da14950d210f",
|
|
|
|
"indicator--5950fd8e-fa4c-425e-bfc2-4c05950d210f",
|
|
|
|
"observed-data--5950fd8f-106c-482c-a62a-4ee7950d210f",
|
|
|
|
"network-traffic--5950fd8f-106c-482c-a62a-4ee7950d210f",
|
|
|
|
"ipv4-addr--5950fd8f-106c-482c-a62a-4ee7950d210f",
|
|
|
|
"indicator--5950fd8f-5be8-4ff9-93f4-8c36950d210f",
|
|
|
|
"indicator--5950fd8f-5a0c-467f-a89b-44d2950d210f",
|
|
|
|
"observed-data--5950fd90-87e4-456e-b0f4-4356950d210f",
|
|
|
|
"network-traffic--5950fd90-87e4-456e-b0f4-4356950d210f",
|
|
|
|
"ipv4-addr--5950fd90-87e4-456e-b0f4-4356950d210f",
|
|
|
|
"indicator--5950fd90-4568-4f7b-8dc4-4d7a950d210f",
|
|
|
|
"indicator--5950fd90-c788-4ecc-a21f-47fe950d210f",
|
|
|
|
"observed-data--5950fd91-e308-40ee-9955-446f950d210f",
|
|
|
|
"network-traffic--5950fd91-e308-40ee-9955-446f950d210f",
|
|
|
|
"ipv4-addr--5950fd91-e308-40ee-9955-446f950d210f",
|
|
|
|
"indicator--5950fd91-eee8-4611-8269-d5c6950d210f",
|
|
|
|
"indicator--5950fd91-0508-45ef-8e43-405d950d210f",
|
|
|
|
"observed-data--5950fd91-556c-49d5-81af-4f93950d210f",
|
|
|
|
"network-traffic--5950fd91-556c-49d5-81af-4f93950d210f",
|
|
|
|
"ipv4-addr--5950fd91-556c-49d5-81af-4f93950d210f",
|
|
|
|
"indicator--5950fd91-4000-455e-aef7-8c2d950d210f",
|
|
|
|
"indicator--5950fd91-b3c4-4cfd-aeae-837b950d210f",
|
|
|
|
"observed-data--5950fd92-f3fc-48a7-ad88-4844950d210f",
|
|
|
|
"network-traffic--5950fd92-f3fc-48a7-ad88-4844950d210f",
|
|
|
|
"ipv4-addr--5950fd92-f3fc-48a7-ad88-4844950d210f",
|
|
|
|
"indicator--5950fd92-1188-475f-8451-4562950d210f",
|
|
|
|
"indicator--5950fd92-5be4-4566-95bf-42a6950d210f",
|
|
|
|
"observed-data--5950fd92-fb00-4f24-839c-8380950d210f",
|
|
|
|
"network-traffic--5950fd92-fb00-4f24-839c-8380950d210f",
|
|
|
|
"ipv4-addr--5950fd92-fb00-4f24-839c-8380950d210f",
|
|
|
|
"indicator--5950fd92-7ab4-4a49-bf2b-49ee950d210f",
|
|
|
|
"indicator--5950fd93-2254-46e1-bbbc-da14950d210f",
|
|
|
|
"observed-data--5950fd94-4aa4-422a-b651-4819950d210f",
|
|
|
|
"network-traffic--5950fd94-4aa4-422a-b651-4819950d210f",
|
|
|
|
"ipv4-addr--5950fd94-4aa4-422a-b651-4819950d210f",
|
|
|
|
"indicator--5950fd94-ce9c-4234-9d55-463b950d210f",
|
|
|
|
"indicator--5950fd94-1c00-48ff-a1f9-8c36950d210f",
|
|
|
|
"observed-data--5950fd94-dbe0-40a9-ac6b-46db950d210f",
|
|
|
|
"network-traffic--5950fd94-dbe0-40a9-ac6b-46db950d210f",
|
|
|
|
"ipv4-addr--5950fd94-dbe0-40a9-ac6b-46db950d210f",
|
|
|
|
"indicator--5950fd94-6330-4ae3-adcf-47ec950d210f",
|
|
|
|
"indicator--5950fd94-8864-4977-ab8c-4bf4950d210f",
|
|
|
|
"observed-data--5950fd95-f57c-4df8-a334-43f3950d210f",
|
|
|
|
"network-traffic--5950fd95-f57c-4df8-a334-43f3950d210f",
|
|
|
|
"ipv4-addr--5950fd95-f57c-4df8-a334-43f3950d210f",
|
|
|
|
"indicator--5950fd95-b778-4261-a690-4c74950d210f",
|
|
|
|
"indicator--5950fd95-f528-47c4-b8ee-d5c6950d210f",
|
|
|
|
"observed-data--5950fd95-bae0-4e1a-9b6f-43b5950d210f",
|
|
|
|
"network-traffic--5950fd95-bae0-4e1a-9b6f-43b5950d210f",
|
|
|
|
"ipv4-addr--5950fd95-bae0-4e1a-9b6f-43b5950d210f",
|
|
|
|
"indicator--5950fd95-2884-434f-9cb0-4203950d210f",
|
|
|
|
"indicator--5950fd95-b1b4-4768-acdc-8c2d950d210f",
|
|
|
|
"observed-data--5950fd96-5604-4d90-9921-837b950d210f",
|
|
|
|
"network-traffic--5950fd96-5604-4d90-9921-837b950d210f",
|
|
|
|
"ipv4-addr--5950fd96-5604-4d90-9921-837b950d210f",
|
|
|
|
"indicator--5950fd96-7534-4967-9c34-495e950d210f",
|
|
|
|
"indicator--5950fd96-00c8-45ad-b234-4e29950d210f",
|
|
|
|
"observed-data--5950fd96-d7f4-4127-ab81-4a83950d210f",
|
|
|
|
"network-traffic--5950fd96-d7f4-4127-ab81-4a83950d210f",
|
|
|
|
"ipv4-addr--5950fd96-d7f4-4127-ab81-4a83950d210f",
|
|
|
|
"indicator--5950fd96-9274-4c23-a79a-8380950d210f",
|
|
|
|
"indicator--5950fd96-95b8-424f-ad51-4f10950d210f",
|
|
|
|
"observed-data--5950fd97-8e3c-494d-9cb1-da14950d210f",
|
|
|
|
"network-traffic--5950fd97-8e3c-494d-9cb1-da14950d210f",
|
|
|
|
"ipv4-addr--5950fd97-8e3c-494d-9cb1-da14950d210f",
|
|
|
|
"indicator--5950fd97-08f0-4689-94fb-402e950d210f",
|
|
|
|
"indicator--5950fd97-22d8-4f58-9e1b-471c950d210f",
|
|
|
|
"observed-data--5950fd97-1148-4fd5-9612-8c36950d210f",
|
|
|
|
"network-traffic--5950fd97-1148-4fd5-9612-8c36950d210f",
|
|
|
|
"ipv4-addr--5950fd97-1148-4fd5-9612-8c36950d210f",
|
|
|
|
"indicator--5950fd97-7434-4cad-aad8-41b2950d210f",
|
|
|
|
"indicator--5950fd98-1680-4df0-a416-4455950d210f",
|
|
|
|
"observed-data--5950fd99-201c-4fe9-9930-4f60950d210f",
|
|
|
|
"network-traffic--5950fd99-201c-4fe9-9930-4f60950d210f",
|
|
|
|
"ipv4-addr--5950fd99-201c-4fe9-9930-4f60950d210f",
|
|
|
|
"indicator--5950fd99-171c-4154-82d9-d5c6950d210f",
|
|
|
|
"indicator--5950fd99-60c0-4095-9c3c-4061950d210f",
|
|
|
|
"observed-data--5950fd99-d6d8-447c-be1f-4ffb950d210f",
|
|
|
|
"network-traffic--5950fd99-d6d8-447c-be1f-4ffb950d210f",
|
|
|
|
"ipv4-addr--5950fd99-d6d8-447c-be1f-4ffb950d210f",
|
|
|
|
"indicator--5950fd99-8688-4c06-b02b-8c2d950d210f",
|
|
|
|
"indicator--5950fd9a-0d88-4a0b-a506-837b950d210f",
|
|
|
|
"observed-data--5950fd9a-aff0-4108-ae3a-4e32950d210f",
|
|
|
|
"network-traffic--5950fd9a-aff0-4108-ae3a-4e32950d210f",
|
|
|
|
"ipv4-addr--5950fd9a-aff0-4108-ae3a-4e32950d210f",
|
|
|
|
"indicator--5950fd9a-517c-4414-b5df-4a53950d210f",
|
|
|
|
"indicator--5950fd9a-48b4-401c-abfd-4ece950d210f",
|
|
|
|
"observed-data--5950fd9a-10ac-43e2-bb15-8380950d210f",
|
|
|
|
"network-traffic--5950fd9a-10ac-43e2-bb15-8380950d210f",
|
|
|
|
"ipv4-addr--5950fd9a-10ac-43e2-bb15-8380950d210f",
|
|
|
|
"indicator--5950fd9a-3d78-44ae-868e-4079950d210f",
|
|
|
|
"indicator--5950fd9b-44bc-4bfc-a565-da14950d210f",
|
|
|
|
"observed-data--5950fd9b-1030-4875-b373-4b73950d210f",
|
|
|
|
"network-traffic--5950fd9b-1030-4875-b373-4b73950d210f",
|
|
|
|
"ipv4-addr--5950fd9b-1030-4875-b373-4b73950d210f",
|
|
|
|
"indicator--5950fd9b-b11c-45a4-b204-4dfd950d210f",
|
|
|
|
"indicator--5950fd9b-96a8-491d-8ffc-8c36950d210f",
|
|
|
|
"observed-data--5950fd9b-357c-4987-83fb-41c0950d210f",
|
|
|
|
"network-traffic--5950fd9b-357c-4987-83fb-41c0950d210f",
|
|
|
|
"ipv4-addr--5950fd9b-357c-4987-83fb-41c0950d210f",
|
|
|
|
"indicator--5950fd9c-6a48-4d24-916d-4666950d210f",
|
|
|
|
"indicator--5950fd9c-a1dc-49c4-b61e-46b5950d210f",
|
|
|
|
"observed-data--5950fd9d-24a8-4f7d-84bc-4edc950d210f",
|
|
|
|
"network-traffic--5950fd9d-24a8-4f7d-84bc-4edc950d210f",
|
|
|
|
"ipv4-addr--5950fd9d-24a8-4f7d-84bc-4edc950d210f",
|
|
|
|
"indicator--5950fd9d-024c-42d7-a746-4d0c950d210f",
|
|
|
|
"indicator--5950fd9d-9d40-47e7-b67a-d5c6950d210f",
|
|
|
|
"observed-data--5950fd9d-ef10-421c-9357-4951950d210f",
|
|
|
|
"network-traffic--5950fd9d-ef10-421c-9357-4951950d210f",
|
|
|
|
"ipv4-addr--5950fd9d-ef10-421c-9357-4951950d210f",
|
|
|
|
"indicator--5950fd9e-a0e4-42a7-bfd6-428f950d210f",
|
|
|
|
"indicator--5950fd9e-856c-4acc-82bc-8c2d950d210f",
|
|
|
|
"indicator--5950fd9e-5c30-48de-94d3-4132950d210f",
|
|
|
|
"indicator--5950fd9e-066c-4103-ad9a-456c950d210f",
|
|
|
|
"observed-data--5950fd9e-12f8-4d11-8e24-413c950d210f",
|
|
|
|
"network-traffic--5950fd9e-12f8-4d11-8e24-413c950d210f",
|
|
|
|
"ipv4-addr--5950fd9e-12f8-4d11-8e24-413c950d210f",
|
|
|
|
"indicator--5950fd9e-bb74-42e4-98f6-8380950d210f",
|
|
|
|
"indicator--5950fd9f-4800-427c-b94c-4eb5950d210f",
|
|
|
|
"observed-data--5950fd9f-9b78-40ca-bd10-da14950d210f",
|
|
|
|
"network-traffic--5950fd9f-9b78-40ca-bd10-da14950d210f",
|
|
|
|
"ipv4-addr--5950fd9f-9b78-40ca-bd10-da14950d210f",
|
|
|
|
"indicator--5950fd9f-7cd0-489e-88de-4f8e950d210f",
|
|
|
|
"indicator--5950fda0-6000-4b9a-9956-4b19950d210f",
|
|
|
|
"observed-data--5950fda0-3d3c-49fe-9ba9-8c36950d210f",
|
|
|
|
"network-traffic--5950fda0-3d3c-49fe-9ba9-8c36950d210f",
|
|
|
|
"ipv4-addr--5950fda0-3d3c-49fe-9ba9-8c36950d210f",
|
|
|
|
"indicator--5950fda0-dce8-4547-9d0f-4bea950d210f",
|
|
|
|
"indicator--5950fda0-fb70-4af6-9783-4a64950d210f",
|
|
|
|
"observed-data--5950fda0-d830-49fe-8337-410f950d210f",
|
|
|
|
"network-traffic--5950fda0-d830-49fe-8337-410f950d210f",
|
|
|
|
"ipv4-addr--5950fda0-d830-49fe-8337-410f950d210f",
|
|
|
|
"indicator--5950fda0-44e0-40fe-81bc-489f950d210f",
|
|
|
|
"indicator--5950fda1-e438-4f6a-b8f5-4d0c950d210f",
|
|
|
|
"observed-data--5950fda1-55f0-4213-b064-d5c6950d210f",
|
|
|
|
"network-traffic--5950fda1-55f0-4213-b064-d5c6950d210f",
|
|
|
|
"ipv4-addr--5950fda1-55f0-4213-b064-d5c6950d210f",
|
|
|
|
"indicator--5950fda1-2ddc-44b6-ba5b-4873950d210f",
|
|
|
|
"indicator--5950fda1-e6f0-4645-af69-4033950d210f",
|
|
|
|
"observed-data--5950fda2-e49c-4cdc-a765-8c2d950d210f",
|
|
|
|
"network-traffic--5950fda2-e49c-4cdc-a765-8c2d950d210f",
|
|
|
|
"ipv4-addr--5950fda2-e49c-4cdc-a765-8c2d950d210f",
|
|
|
|
"indicator--5950fda2-66cc-4850-a012-837b950d210f",
|
|
|
|
"indicator--5950fda2-b8a4-42af-affc-4455950d210f",
|
|
|
|
"observed-data--5950fda2-e100-4787-8ceb-43c4950d210f",
|
|
|
|
"network-traffic--5950fda2-e100-4787-8ceb-43c4950d210f",
|
|
|
|
"ipv4-addr--5950fda2-e100-4787-8ceb-43c4950d210f",
|
|
|
|
"indicator--5950fda2-84d4-4276-b6c9-493a950d210f",
|
|
|
|
"indicator--5950fda3-7398-4a2e-9659-8380950d210f",
|
|
|
|
"observed-data--5950fda3-26f0-4680-b148-4543950d210f",
|
|
|
|
"network-traffic--5950fda3-26f0-4680-b148-4543950d210f",
|
|
|
|
"ipv4-addr--5950fda3-26f0-4680-b148-4543950d210f",
|
|
|
|
"indicator--5950fda3-4574-4a39-85ef-da14950d210f",
|
|
|
|
"indicator--5950fda3-2294-440b-89e2-44e4950d210f",
|
|
|
|
"observed-data--5950fda4-6d34-4ba1-be57-4d31950d210f",
|
|
|
|
"network-traffic--5950fda4-6d34-4ba1-be57-4d31950d210f",
|
|
|
|
"ipv4-addr--5950fda4-6d34-4ba1-be57-4d31950d210f",
|
|
|
|
"indicator--5950fda4-70e0-48f4-a773-8c36950d210f",
|
|
|
|
"indicator--5950fda4-9460-4469-bfcc-4293950d210f",
|
|
|
|
"observed-data--5950fda4-de7c-4448-a13f-4e87950d210f",
|
|
|
|
"network-traffic--5950fda4-de7c-4448-a13f-4e87950d210f",
|
|
|
|
"ipv4-addr--5950fda4-de7c-4448-a13f-4e87950d210f",
|
|
|
|
"indicator--5950fda4-f5b0-4a3f-85bc-40a5950d210f",
|
|
|
|
"indicator--5950fda4-0580-4c38-a9f5-4ec7950d210f",
|
|
|
|
"observed-data--5950fda5-34d8-48cf-a18f-4f73950d210f",
|
|
|
|
"network-traffic--5950fda5-34d8-48cf-a18f-4f73950d210f",
|
|
|
|
"ipv4-addr--5950fda5-34d8-48cf-a18f-4f73950d210f",
|
|
|
|
"observed-data--5950fda5-2440-4d10-8542-d5c6950d210f",
|
|
|
|
"url--5950fda5-2440-4d10-8542-d5c6950d210f",
|
|
|
|
"observed-data--5950fda5-6940-4e4b-95d0-48ac950d210f",
|
|
|
|
"network-traffic--5950fda5-6940-4e4b-95d0-48ac950d210f",
|
|
|
|
"ipv4-addr--5950fda5-6940-4e4b-95d0-48ac950d210f",
|
|
|
|
"indicator--5950fda5-83dc-4ac8-9746-4253950d210f",
|
|
|
|
"indicator--5950fda5-4214-4f69-a03a-8c2d950d210f",
|
|
|
|
"observed-data--5950fda5-224c-42b8-b481-837b950d210f",
|
|
|
|
"network-traffic--5950fda5-224c-42b8-b481-837b950d210f",
|
|
|
|
"ipv4-addr--5950fda5-224c-42b8-b481-837b950d210f",
|
|
|
|
"indicator--5950fda6-97cc-4520-919c-4920950d210f",
|
|
|
|
"indicator--5950fda6-be54-4e9b-97d4-8a6e950d210f",
|
|
|
|
"indicator--5950fda6-a5a0-41b9-8987-42f5950d210f",
|
|
|
|
"indicator--5950fda6-9a90-49bc-b607-4ad6950d210f",
|
|
|
|
"indicator--5950fda6-dcd8-4a74-a1a5-8380950d210f",
|
|
|
|
"indicator--5950fda7-265c-44a8-a43c-4337950d210f",
|
|
|
|
"indicator--5950fda7-30d8-409a-8e43-da14950d210f",
|
|
|
|
"indicator--5950fda7-5e40-48c0-b100-47e0950d210f",
|
|
|
|
"indicator--5950fda7-30c4-410b-8542-45c4950d210f",
|
|
|
|
"indicator--5950fda7-fed4-412d-94cf-8c36950d210f",
|
|
|
|
"indicator--5950fda8-b43c-4c19-ab6c-4b24950d210f",
|
|
|
|
"indicator--5950fda8-f3d8-4021-b87d-4cbe950d210f",
|
|
|
|
"indicator--5950fda8-7ea0-4edb-96da-4fd9950d210f",
|
|
|
|
"indicator--5950fda8-bb88-4178-bcad-4cc3950d210f",
|
|
|
|
"indicator--5950fda8-367c-4aae-82a7-d5c6950d210f",
|
|
|
|
"indicator--5950fda9-a038-4034-9669-4b1c950d210f",
|
|
|
|
"indicator--5950fda9-1224-4078-872b-4182950d210f",
|
|
|
|
"indicator--5950fda9-46e4-4012-8499-8c2d950d210f",
|
|
|
|
"indicator--5950fda9-9138-4137-a2d7-837b950d210f",
|
|
|
|
"indicator--5950fda9-4220-406e-a38e-440e950d210f",
|
|
|
|
"indicator--5950fdaa-0144-4fa4-a13a-8a6e950d210f",
|
|
|
|
"indicator--5950fdaa-2360-41cf-aa7d-46a9950d210f",
|
|
|
|
"indicator--59520c6b-ea1c-4eef-bc62-445802de0b81",
|
|
|
|
"indicator--59520c6b-239c-47fb-85fa-426702de0b81",
|
|
|
|
"observed-data--59520c6b-f6cc-40d8-9152-461802de0b81",
|
|
|
|
"url--59520c6b-f6cc-40d8-9152-461802de0b81",
|
|
|
|
"indicator--59520c6b-4148-4137-8a03-459702de0b81",
|
|
|
|
"indicator--59520c6b-4c90-4345-8f1d-488002de0b81",
|
|
|
|
"observed-data--59520c6b-1330-4c12-a346-439402de0b81",
|
|
|
|
"url--59520c6b-1330-4c12-a346-439402de0b81"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"Threat-Report",
|
|
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
|
|
"ecsirt:malicious-code=\"ransomware\"",
|
|
|
|
"misp-galaxy:ransomware=\"Locky\""
|
|
|
|
],
|
|
|
|
"object_marking_refs": [
|
|
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd86-abac-4c0c-b3f0-837b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = '8cd9f803947badddbfafc584edfdeebb']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd87-9678-41cc-b950-41f9950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[file:hashes.MD5 = 'a0d81f0bffb0e20a34191385031cf17a']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Artifacts dropped"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"md5\"",
|
|
|
|
"misp:category=\"Artifacts dropped\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd87-d248-43c1-8620-41e7950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[url:value = 'http://1010technologies.com/njdshf73']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd87-f124-46d3-b38f-4e37950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[domain-name:value = '1010technologies.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5950fd87-bf68-4e19-b00e-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"first_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"last_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5950fd87-bf68-4e19-b00e-8c36950d210f",
|
|
|
|
"ipv4-addr--5950fd87-bf68-4e19-b00e-8c36950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5950fd87-bf68-4e19-b00e-8c36950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5950fd87-bf68-4e19-b00e-8c36950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5950fd87-bf68-4e19-b00e-8c36950d210f",
|
|
|
|
"value": "66.115.159.76"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd87-f0c0-4c46-8ad4-40dd950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[url:value = 'http://alexrice.co.uk/njdshf73']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd87-bed0-4bf6-af7e-4034950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'alexrice.co.uk']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5950fd88-e26c-4f11-ac94-d5c6950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"first_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"last_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5950fd88-e26c-4f11-ac94-d5c6950d210f",
|
|
|
|
"ipv4-addr--5950fd88-e26c-4f11-ac94-d5c6950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5950fd88-e26c-4f11-ac94-d5c6950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5950fd88-e26c-4f11-ac94-d5c6950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5950fd88-e26c-4f11-ac94-d5c6950d210f",
|
|
|
|
"value": "109.203.122.184"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd88-f208-4b4e-81e6-46a3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[url:value = 'http://aristei.com.ar/njdshf73']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd88-0538-4086-9da9-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'aristei.com.ar']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5950fd89-b440-4594-bc55-4170950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"first_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"last_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5950fd89-b440-4594-bc55-4170950d210f",
|
|
|
|
"ipv4-addr--5950fd89-b440-4594-bc55-4170950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5950fd89-b440-4594-bc55-4170950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5950fd89-b440-4594-bc55-4170950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5950fd89-b440-4594-bc55-4170950d210f",
|
|
|
|
"value": "190.105.227.224"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd89-44d0-492d-afcf-8380950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[url:value = 'http://bkpny.org/njdshf73']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd89-d634-4e66-8d5f-da14950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'bkpny.org']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5950fd8a-72b4-4a47-81a1-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"first_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"last_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5950fd8a-72b4-4a47-81a1-8c36950d210f",
|
|
|
|
"ipv4-addr--5950fd8a-72b4-4a47-81a1-8c36950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5950fd8a-72b4-4a47-81a1-8c36950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5950fd8a-72b4-4a47-81a1-8c36950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5950fd8a-72b4-4a47-81a1-8c36950d210f",
|
|
|
|
"value": "66.147.242.154"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd8a-98b4-4737-a311-46f3950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[url:value = 'http://bloomasia.net/njdshf73']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd8a-294c-4651-8c83-4a3b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'bloomasia.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5950fd8a-1f8c-4cf6-895d-4da9950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"first_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"last_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5950fd8a-1f8c-4cf6-895d-4da9950d210f",
|
|
|
|
"ipv4-addr--5950fd8a-1f8c-4cf6-895d-4da9950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5950fd8a-1f8c-4cf6-895d-4da9950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5950fd8a-1f8c-4cf6-895d-4da9950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5950fd8a-1f8c-4cf6-895d-4da9950d210f",
|
|
|
|
"value": "162.251.85.205"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd8b-3530-4859-9cc5-4e1c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[url:value = 'http://brontorittoozzo.com/af/njdshf73']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd8b-a0a0-424d-bbab-837b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'brontorittoozzo.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5950fd8b-e240-4b80-a31d-4002950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"first_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"last_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5950fd8b-e240-4b80-a31d-4002950d210f",
|
|
|
|
"ipv4-addr--5950fd8b-e240-4b80-a31d-4002950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5950fd8b-e240-4b80-a31d-4002950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5950fd8b-e240-4b80-a31d-4002950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5950fd8b-e240-4b80-a31d-4002950d210f",
|
|
|
|
"value": "46.173.218.214"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5950fd8b-4098-4630-85f0-8380950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"first_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"last_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5950fd8b-4098-4630-85f0-8380950d210f",
|
|
|
|
"ipv4-addr--5950fd8b-4098-4630-85f0-8380950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5950fd8b-4098-4630-85f0-8380950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5950fd8b-4098-4630-85f0-8380950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5950fd8b-4098-4630-85f0-8380950d210f",
|
|
|
|
"value": "46.173.218.249"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd8b-ea3c-46a5-8175-da14950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[url:value = 'http://camberwellroofing.com.au/njdshf73']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd8b-3db8-45fd-86d1-45a2950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'camberwellroofing.com.au']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5950fd8d-ab04-4864-acca-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"first_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"last_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5950fd8d-ab04-4864-acca-8c2d950d210f",
|
|
|
|
"ipv4-addr--5950fd8d-ab04-4864-acca-8c2d950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5950fd8d-ab04-4864-acca-8c2d950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5950fd8d-ab04-4864-acca-8c2d950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5950fd8d-ab04-4864-acca-8c2d950d210f",
|
|
|
|
"value": "27.131.109.130"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd8d-987c-418e-a804-837b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[url:value = 'http://chulkyu.com/njdshf73']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd8d-bf48-4bcc-82dc-4f0a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'chulkyu.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5950fd8d-dbe8-4826-81e2-40b6950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"first_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"last_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5950fd8d-dbe8-4826-81e2-40b6950d210f",
|
|
|
|
"ipv4-addr--5950fd8d-dbe8-4826-81e2-40b6950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5950fd8d-dbe8-4826-81e2-40b6950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5950fd8d-dbe8-4826-81e2-40b6950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5950fd8d-dbe8-4826-81e2-40b6950d210f",
|
|
|
|
"value": "175.126.195.54"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd8e-53b4-4d69-937d-47de950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[url:value = 'http://dextron.de/njdshf73']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd8e-dd8c-4c9b-a7a2-8380950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'dextron.de']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5950fd8e-54d0-43d6-b623-407b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"first_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"last_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5950fd8e-54d0-43d6-b623-407b950d210f",
|
|
|
|
"ipv4-addr--5950fd8e-54d0-43d6-b623-407b950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5950fd8e-54d0-43d6-b623-407b950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5950fd8e-54d0-43d6-b623-407b950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5950fd8e-54d0-43d6-b623-407b950d210f",
|
|
|
|
"value": "81.169.145.163"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd8e-2a34-4b50-9a57-da14950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[url:value = 'http://drutha.com/njdshf73']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd8e-fa4c-425e-bfc2-4c05950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'drutha.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5950fd8f-106c-482c-a62a-4ee7950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"first_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"last_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5950fd8f-106c-482c-a62a-4ee7950d210f",
|
|
|
|
"ipv4-addr--5950fd8f-106c-482c-a62a-4ee7950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5950fd8f-106c-482c-a62a-4ee7950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5950fd8f-106c-482c-a62a-4ee7950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5950fd8f-106c-482c-a62a-4ee7950d210f",
|
|
|
|
"value": "162.251.80.21"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd8f-5be8-4ff9-93f4-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[url:value = 'http://earsay.com/njdshf73']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd8f-5a0c-467f-a89b-44d2950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'earsay.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5950fd90-87e4-456e-b0f4-4356950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"first_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"last_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5950fd90-87e4-456e-b0f4-4356950d210f",
|
|
|
|
"ipv4-addr--5950fd90-87e4-456e-b0f4-4356950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5950fd90-87e4-456e-b0f4-4356950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5950fd90-87e4-456e-b0f4-4356950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5950fd90-87e4-456e-b0f4-4356950d210f",
|
|
|
|
"value": "69.90.161.220"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd90-4568-4f7b-8dc4-4d7a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[url:value = 'http://edelmix.es/njdshf73']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd90-c788-4ecc-a21f-47fe950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'edelmix.es']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5950fd91-e308-40ee-9955-446f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"first_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"last_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5950fd91-e308-40ee-9955-446f950d210f",
|
|
|
|
"ipv4-addr--5950fd91-e308-40ee-9955-446f950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5950fd91-e308-40ee-9955-446f950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5950fd91-e308-40ee-9955-446f950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5950fd91-e308-40ee-9955-446f950d210f",
|
|
|
|
"value": "81.169.145.86"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd91-eee8-4611-8269-d5c6950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[url:value = 'http://freelapaustralia.com.au/njdshf73']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd91-0508-45ef-8e43-405d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'freelapaustralia.com.au']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5950fd91-556c-49d5-81af-4f93950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"first_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"last_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5950fd91-556c-49d5-81af-4f93950d210f",
|
|
|
|
"ipv4-addr--5950fd91-556c-49d5-81af-4f93950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5950fd91-556c-49d5-81af-4f93950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5950fd91-556c-49d5-81af-4f93950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5950fd91-556c-49d5-81af-4f93950d210f",
|
|
|
|
"value": "43.243.119.253"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd91-4000-455e-aef7-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[url:value = 'http://gbdco.com/njdshf73']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd91-b3c4-4cfd-aeae-837b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'gbdco.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5950fd92-f3fc-48a7-ad88-4844950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"first_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"last_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5950fd92-f3fc-48a7-ad88-4844950d210f",
|
|
|
|
"ipv4-addr--5950fd92-f3fc-48a7-ad88-4844950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5950fd92-f3fc-48a7-ad88-4844950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5950fd92-f3fc-48a7-ad88-4844950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5950fd92-f3fc-48a7-ad88-4844950d210f",
|
|
|
|
"value": "43.225.55.90"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd92-1188-475f-8451-4562950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[url:value = 'http://germania2.bravepages.com/njdshf73']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd92-5be4-4566-95bf-42a6950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'germania2.bravepages.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5950fd92-fb00-4f24-839c-8380950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"first_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"last_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5950fd92-fb00-4f24-839c-8380950d210f",
|
|
|
|
"ipv4-addr--5950fd92-fb00-4f24-839c-8380950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5950fd92-fb00-4f24-839c-8380950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5950fd92-fb00-4f24-839c-8380950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5950fd92-fb00-4f24-839c-8380950d210f",
|
|
|
|
"value": "66.219.202.10"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd92-7ab4-4a49-bf2b-49ee950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[url:value = 'http://hrlpk.com/njdshf73']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd93-2254-46e1-bbbc-da14950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'hrlpk.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5950fd94-4aa4-422a-b651-4819950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"first_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"last_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5950fd94-4aa4-422a-b651-4819950d210f",
|
|
|
|
"ipv4-addr--5950fd94-4aa4-422a-b651-4819950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5950fd94-4aa4-422a-b651-4819950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5950fd94-4aa4-422a-b651-4819950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5950fd94-4aa4-422a-b651-4819950d210f",
|
|
|
|
"value": "203.124.43.229"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd94-ce9c-4234-9d55-463b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[url:value = 'http://hyperblockly.com/njdshf73']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fd94-1c00-48ff-a1f9-8c36950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[domain-name:value = 'hyperblockly.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5950fd94-dbe0-40a9-ac6b-46db950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"first_observed": "2017-06-27T07:42:31Z",
"last_observed": "2017-06-27T07:42:31Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5950fd94-dbe0-40a9-ac6b-46db950d210f",
"ipv4-addr--5950fd94-dbe0-40a9-ac6b-46db950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5950fd94-dbe0-40a9-ac6b-46db950d210f",
"dst_ref": "ipv4-addr--5950fd94-dbe0-40a9-ac6b-46db950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5950fd94-dbe0-40a9-ac6b-46db950d210f",
"value": "66.115.144.70"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fd94-6330-4ae3-adcf-47ec950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[url:value = 'http://i2iapp.com/njdshf73']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fd94-8864-4977-ab8c-4bf4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[domain-name:value = 'i2iapp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5950fd95-f57c-4df8-a334-43f3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"first_observed": "2017-06-27T07:42:31Z",
"last_observed": "2017-06-27T07:42:31Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5950fd95-f57c-4df8-a334-43f3950d210f",
"ipv4-addr--5950fd95-f57c-4df8-a334-43f3950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5950fd95-f57c-4df8-a334-43f3950d210f",
"dst_ref": "ipv4-addr--5950fd95-f57c-4df8-a334-43f3950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5950fd95-f57c-4df8-a334-43f3950d210f",
"value": "160.153.131.152"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fd95-b778-4261-a690-4c74950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[url:value = 'http://ibudian.com/njdshf73']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fd95-f528-47c4-b8ee-d5c6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[domain-name:value = 'ibudian.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5950fd95-bae0-4e1a-9b6f-43b5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"first_observed": "2017-06-27T07:42:31Z",
"last_observed": "2017-06-27T07:42:31Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5950fd95-bae0-4e1a-9b6f-43b5950d210f",
"ipv4-addr--5950fd95-bae0-4e1a-9b6f-43b5950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5950fd95-bae0-4e1a-9b6f-43b5950d210f",
"dst_ref": "ipv4-addr--5950fd95-bae0-4e1a-9b6f-43b5950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5950fd95-bae0-4e1a-9b6f-43b5950d210f",
"value": "122.9.52.203"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fd95-2884-434f-9cb0-4203950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[url:value = 'http://itbouquet.com/njdshf73']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fd95-b1b4-4768-acdc-8c2d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[domain-name:value = 'itbouquet.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5950fd96-5604-4d90-9921-837b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"first_observed": "2017-06-27T07:42:31Z",
"last_observed": "2017-06-27T07:42:31Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5950fd96-5604-4d90-9921-837b950d210f",
"ipv4-addr--5950fd96-5604-4d90-9921-837b950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5950fd96-5604-4d90-9921-837b950d210f",
"dst_ref": "ipv4-addr--5950fd96-5604-4d90-9921-837b950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5950fd96-5604-4d90-9921-837b950d210f",
"value": "115.186.148.123"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fd96-7534-4967-9c34-495e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[url:value = 'http://jointpainsrelief.com/njdshf73']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fd96-00c8-45ad-b234-4e29950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[domain-name:value = 'jointpainsrelief.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5950fd96-d7f4-4127-ab81-4a83950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"first_observed": "2017-06-27T07:42:31Z",
"last_observed": "2017-06-27T07:42:31Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5950fd96-d7f4-4127-ab81-4a83950d210f",
"ipv4-addr--5950fd96-d7f4-4127-ab81-4a83950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5950fd96-d7f4-4127-ab81-4a83950d210f",
"dst_ref": "ipv4-addr--5950fd96-d7f4-4127-ab81-4a83950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5950fd96-d7f4-4127-ab81-4a83950d210f",
"value": "43.225.55.204"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fd96-9274-4c23-a79a-8380950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[url:value = 'http://keysback.com/njdshf73']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fd96-95b8-424f-ad51-4f10950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[domain-name:value = 'keysback.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5950fd97-8e3c-494d-9cb1-da14950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"first_observed": "2017-06-27T07:42:31Z",
"last_observed": "2017-06-27T07:42:31Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5950fd97-8e3c-494d-9cb1-da14950d210f",
"ipv4-addr--5950fd97-8e3c-494d-9cb1-da14950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5950fd97-8e3c-494d-9cb1-da14950d210f",
"dst_ref": "ipv4-addr--5950fd97-8e3c-494d-9cb1-da14950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5950fd97-8e3c-494d-9cb1-da14950d210f",
"value": "81.169.145.165"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fd97-08f0-4689-94fb-402e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[url:value = 'http://kitchenandgifts.com/njdshf73']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fd97-22d8-4f58-9e1b-471c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[domain-name:value = 'kitchenandgifts.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5950fd97-1148-4fd5-9612-8c36950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"first_observed": "2017-06-27T07:42:31Z",
"last_observed": "2017-06-27T07:42:31Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5950fd97-1148-4fd5-9612-8c36950d210f",
"ipv4-addr--5950fd97-1148-4fd5-9612-8c36950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5950fd97-1148-4fd5-9612-8c36950d210f",
"dst_ref": "ipv4-addr--5950fd97-1148-4fd5-9612-8c36950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5950fd97-1148-4fd5-9612-8c36950d210f",
"value": "192.185.224.197"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fd97-7434-4cad-aad8-41b2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[url:value = 'http://lamweb123.net/njdshf73']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fd98-1680-4df0-a416-4455950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[domain-name:value = 'lamweb123.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5950fd99-201c-4fe9-9930-4f60950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"first_observed": "2017-06-27T07:42:31Z",
"last_observed": "2017-06-27T07:42:31Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5950fd99-201c-4fe9-9930-4f60950d210f",
"ipv4-addr--5950fd99-201c-4fe9-9930-4f60950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5950fd99-201c-4fe9-9930-4f60950d210f",
"dst_ref": "ipv4-addr--5950fd99-201c-4fe9-9930-4f60950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5950fd99-201c-4fe9-9930-4f60950d210f",
"value": "125.212.224.157"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fd99-171c-4154-82d9-d5c6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[url:value = 'http://langhaug.no/njdshf73']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fd99-60c0-4095-9c3c-4061950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[domain-name:value = 'langhaug.no']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5950fd99-d6d8-447c-be1f-4ffb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"first_observed": "2017-06-27T07:42:31Z",
"last_observed": "2017-06-27T07:42:31Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5950fd99-d6d8-447c-be1f-4ffb950d210f",
"ipv4-addr--5950fd99-d6d8-447c-be1f-4ffb950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5950fd99-d6d8-447c-be1f-4ffb950d210f",
"dst_ref": "ipv4-addr--5950fd99-d6d8-447c-be1f-4ffb950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5950fd99-d6d8-447c-be1f-4ffb950d210f",
"value": "46.30.213.193"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fd99-8688-4c06-b02b-8c2d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[url:value = 'http://libre-brave.com/njdshf73']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fd9a-0d88-4a0b-a506-837b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[domain-name:value = 'libre-brave.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5950fd9a-aff0-4108-ae3a-4e32950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"first_observed": "2017-06-27T07:42:31Z",
"last_observed": "2017-06-27T07:42:31Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5950fd9a-aff0-4108-ae3a-4e32950d210f",
"ipv4-addr--5950fd9a-aff0-4108-ae3a-4e32950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5950fd9a-aff0-4108-ae3a-4e32950d210f",
"dst_ref": "ipv4-addr--5950fd9a-aff0-4108-ae3a-4e32950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5950fd9a-aff0-4108-ae3a-4e32950d210f",
"value": "208.117.46.237"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fd9a-517c-4414-b5df-4a53950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[url:value = 'http://malamalamak9.net/njdshf73']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fd9a-48b4-401c-abfd-4ece950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[domain-name:value = 'malamalamak9.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5950fd9a-10ac-43e2-bb15-8380950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"first_observed": "2017-06-27T07:42:31Z",
"last_observed": "2017-06-27T07:42:31Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5950fd9a-10ac-43e2-bb15-8380950d210f",
"ipv4-addr--5950fd9a-10ac-43e2-bb15-8380950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5950fd9a-10ac-43e2-bb15-8380950d210f",
"dst_ref": "ipv4-addr--5950fd9a-10ac-43e2-bb15-8380950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5950fd9a-10ac-43e2-bb15-8380950d210f",
"value": "74.122.121.8"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fd9a-3d78-44ae-868e-4079950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[url:value = 'http://medfarmu.ru/njdshf73']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fd9b-44bc-4bfc-a565-da14950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[domain-name:value = 'medfarmu.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5950fd9b-1030-4875-b373-4b73950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"first_observed": "2017-06-27T07:42:31Z",
"last_observed": "2017-06-27T07:42:31Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5950fd9b-1030-4875-b373-4b73950d210f",
"ipv4-addr--5950fd9b-1030-4875-b373-4b73950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5950fd9b-1030-4875-b373-4b73950d210f",
"dst_ref": "ipv4-addr--5950fd9b-1030-4875-b373-4b73950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5950fd9b-1030-4875-b373-4b73950d210f",
|
|
|
|
"value": "93.171.217.153"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd9b-b11c-45a4-b204-4dfd950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[url:value = 'http://mediawax.be/njdshf73']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd9b-96a8-491d-8ffc-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'mediawax.be']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5950fd9b-357c-4987-83fb-41c0950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"first_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"last_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5950fd9b-357c-4987-83fb-41c0950d210f",
|
|
|
|
"ipv4-addr--5950fd9b-357c-4987-83fb-41c0950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5950fd9b-357c-4987-83fb-41c0950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5950fd9b-357c-4987-83fb-41c0950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5950fd9b-357c-4987-83fb-41c0950d210f",
|
|
|
|
"value": "5.61.252.24"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd9c-6a48-4d24-916d-4666950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[url:value = 'http://oscarbenson.com/njdshf73']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd9c-a1dc-49c4-b61e-46b5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'oscarbenson.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5950fd9d-24a8-4f7d-84bc-4edc950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"first_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"last_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5950fd9d-24a8-4f7d-84bc-4edc950d210f",
|
|
|
|
"ipv4-addr--5950fd9d-24a8-4f7d-84bc-4edc950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5950fd9d-24a8-4f7d-84bc-4edc950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5950fd9d-24a8-4f7d-84bc-4edc950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5950fd9d-24a8-4f7d-84bc-4edc950d210f",
|
|
|
|
"value": "202.181.132.161"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd9d-024c-42d7-a746-4d0c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[url:value = 'http://polistar.net/njdshf73']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd9d-9d40-47e7-b67a-d5c6950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'polistar.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5950fd9d-ef10-421c-9357-4951950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"first_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"last_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5950fd9d-ef10-421c-9357-4951950d210f",
|
|
|
|
"ipv4-addr--5950fd9d-ef10-421c-9357-4951950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5950fd9d-ef10-421c-9357-4951950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5950fd9d-ef10-421c-9357-4951950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5950fd9d-ef10-421c-9357-4951950d210f",
|
|
|
|
"value": "89.111.176.93"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd9e-a0e4-42a7-bfd6-428f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[url:value = 'http://randomessstioprottoy.net/af/njdshf73']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd9e-856c-4acc-82bc-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'randomessstioprottoy.net']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd9e-5c30-48de-94d3-4132950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[url:value = 'http://rotarychieti.it/njdshf73']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd9e-066c-4103-ad9a-456c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'rotarychieti.it']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5950fd9e-12f8-4d11-8e24-413c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"first_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"last_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5950fd9e-12f8-4d11-8e24-413c950d210f",
|
|
|
|
"ipv4-addr--5950fd9e-12f8-4d11-8e24-413c950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5950fd9e-12f8-4d11-8e24-413c950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5950fd9e-12f8-4d11-8e24-413c950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5950fd9e-12f8-4d11-8e24-413c950d210f",
|
|
|
|
"value": "151.1.182.14"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd9e-bb74-42e4-98f6-8380950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[url:value = 'http://sberleasing.ru/njdshf73']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd9f-4800-427c-b94c-4eb5950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'sberleasing.ru']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5950fd9f-9b78-40ca-bd10-da14950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"first_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"last_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5950fd9f-9b78-40ca-bd10-da14950d210f",
|
|
|
|
"ipv4-addr--5950fd9f-9b78-40ca-bd10-da14950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5950fd9f-9b78-40ca-bd10-da14950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5950fd9f-9b78-40ca-bd10-da14950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5950fd9f-9b78-40ca-bd10-da14950d210f",
|
|
|
|
"value": "194.58.88.162"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fd9f-7cd0-489e-88de-4f8e950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[url:value = 'http://shopf3.com/njdshf73']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fda0-6000-4b9a-9956-4b19950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'shopf3.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5950fda0-3d3c-49fe-9ba9-8c36950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"first_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"last_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5950fda0-3d3c-49fe-9ba9-8c36950d210f",
|
|
|
|
"ipv4-addr--5950fda0-3d3c-49fe-9ba9-8c36950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5950fda0-3d3c-49fe-9ba9-8c36950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5950fda0-3d3c-49fe-9ba9-8c36950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5950fda0-3d3c-49fe-9ba9-8c36950d210f",
|
|
|
|
"value": "160.153.42.132"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fda0-dce8-4547-9d0f-4bea950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[url:value = 'http://skyfling.com/njdshf73']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fda0-fb70-4af6-9783-4a64950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'skyfling.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5950fda0-d830-49fe-8337-410f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"first_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"last_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5950fda0-d830-49fe-8337-410f950d210f",
|
|
|
|
"ipv4-addr--5950fda0-d830-49fe-8337-410f950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5950fda0-d830-49fe-8337-410f950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5950fda0-d830-49fe-8337-410f950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5950fda0-d830-49fe-8337-410f950d210f",
|
|
|
|
"value": "103.53.42.51"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fda0-44e0-40fe-81bc-489f950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[url:value = 'http://stalaktit-indonesia.com/njdshf73']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fda1-e438-4f6a-b8f5-4d0c950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'stalaktit-indonesia.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5950fda1-55f0-4213-b064-d5c6950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"first_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"last_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5950fda1-55f0-4213-b064-d5c6950d210f",
|
|
|
|
"ipv4-addr--5950fda1-55f0-4213-b064-d5c6950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5950fda1-55f0-4213-b064-d5c6950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5950fda1-55f0-4213-b064-d5c6950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5950fda1-55f0-4213-b064-d5c6950d210f",
|
|
|
|
"value": "202.52.146.56"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fda1-2ddc-44b6-ba5b-4873950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[url:value = 'http://teekayu.com/njdshf73']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fda1-e6f0-4645-af69-4033950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'teekayu.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5950fda2-e49c-4cdc-a765-8c2d950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"first_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"last_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5950fda2-e49c-4cdc-a765-8c2d950d210f",
|
|
|
|
"ipv4-addr--5950fda2-e49c-4cdc-a765-8c2d950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5950fda2-e49c-4cdc-a765-8c2d950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5950fda2-e49c-4cdc-a765-8c2d950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5950fda2-e49c-4cdc-a765-8c2d950d210f",
|
|
|
|
"value": "203.146.127.133"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fda2-66cc-4850-a012-837b950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[url:value = 'http://thephonks.de/njdshf73']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fda2-b8a4-42af-affc-4455950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'thephonks.de']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5950fda2-e100-4787-8ceb-43c4950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"first_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"last_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5950fda2-e100-4787-8ceb-43c4950d210f",
|
|
|
|
"ipv4-addr--5950fda2-e100-4787-8ceb-43c4950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5950fda2-e100-4787-8ceb-43c4950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5950fda2-e100-4787-8ceb-43c4950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5950fda2-e100-4787-8ceb-43c4950d210f",
|
|
|
|
"value": "81.169.145.164"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fda2-84d4-4276-b6c9-493a950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[url:value = 'http://thepickintool.com/njdshf73']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"url\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fda3-7398-4a2e-9659-8380950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"pattern": "[domain-name:value = 'thepickintool.com']",
|
|
|
|
"pattern_type": "stix",
|
|
|
|
"pattern_version": "2.1",
|
|
|
|
"valid_from": "2017-06-27T07:42:31Z",
|
|
|
|
"kill_chain_phases": [
|
|
|
|
{
|
|
|
|
"kill_chain_name": "misp-category",
|
|
|
|
"phase_name": "Network activity"
|
|
|
|
}
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"hostname\"",
|
|
|
|
"misp:category=\"Network activity\"",
|
|
|
|
"misp:to_ids=\"True\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "observed-data",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "observed-data--5950fda3-26f0-4680-b148-4543950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
|
|
"created": "2017-06-27T07:42:31.000Z",
|
|
|
|
"modified": "2017-06-27T07:42:31.000Z",
|
|
|
|
"first_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"last_observed": "2017-06-27T07:42:31Z",
|
|
|
|
"number_observed": 1,
|
|
|
|
"object_refs": [
|
|
|
|
"network-traffic--5950fda3-26f0-4680-b148-4543950d210f",
|
|
|
|
"ipv4-addr--5950fda3-26f0-4680-b148-4543950d210f"
|
|
|
|
],
|
|
|
|
"labels": [
|
|
|
|
"misp:type=\"ip-dst\"",
|
|
|
|
"misp:category=\"Network activity\""
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "network-traffic",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "network-traffic--5950fda3-26f0-4680-b148-4543950d210f",
|
|
|
|
"dst_ref": "ipv4-addr--5950fda3-26f0-4680-b148-4543950d210f",
|
|
|
|
"protocols": [
|
|
|
|
"tcp"
|
|
|
|
]
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "ipv4-addr",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "ipv4-addr--5950fda3-26f0-4680-b148-4543950d210f",
|
|
|
|
"value": "192.254.234.175"
|
|
|
|
},
|
|
|
|
{
|
|
|
|
"type": "indicator",
|
|
|
|
"spec_version": "2.1",
|
|
|
|
"id": "indicator--5950fda3-4574-4a39-85ef-da14950d210f",
|
|
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[url:value = 'http://tulibistro.com/njdshf73']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fda3-2294-440b-89e2-44e4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[domain-name:value = 'tulibistro.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5950fda4-6d34-4ba1-be57-4d31950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"first_observed": "2017-06-27T07:42:31Z",
"last_observed": "2017-06-27T07:42:31Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5950fda4-6d34-4ba1-be57-4d31950d210f",
"ipv4-addr--5950fda4-6d34-4ba1-be57-4d31950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5950fda4-6d34-4ba1-be57-4d31950d210f",
"dst_ref": "ipv4-addr--5950fda4-6d34-4ba1-be57-4d31950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5950fda4-6d34-4ba1-be57-4d31950d210f",
"value": "198.54.115.6"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fda4-70e0-48f4-a773-8c36950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[url:value = 'http://wesser24.de/njdshf73']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fda4-9460-4469-bfcc-4293950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[domain-name:value = 'wesser24.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5950fda4-de7c-4448-a13f-4e87950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"first_observed": "2017-06-27T07:42:31Z",
"last_observed": "2017-06-27T07:42:31Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5950fda4-de7c-4448-a13f-4e87950d210f",
"ipv4-addr--5950fda4-de7c-4448-a13f-4e87950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5950fda4-de7c-4448-a13f-4e87950d210f",
"dst_ref": "ipv4-addr--5950fda4-de7c-4448-a13f-4e87950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5950fda4-de7c-4448-a13f-4e87950d210f",
"value": "81.169.145.82"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fda4-f5b0-4a3f-85bc-40a5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[url:value = 'http://xn----8sb4abph0af.com/njdshf73']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fda4-0580-4c38-a9f5-4ec7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[domain-name:value = 'xn----8sb4abph0af.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5950fda5-34d8-48cf-a18f-4f73950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"first_observed": "2017-06-27T07:42:31Z",
"last_observed": "2017-06-27T07:42:31Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5950fda5-34d8-48cf-a18f-4f73950d210f",
"ipv4-addr--5950fda5-34d8-48cf-a18f-4f73950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5950fda5-34d8-48cf-a18f-4f73950d210f",
"dst_ref": "ipv4-addr--5950fda5-34d8-48cf-a18f-4f73950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5950fda5-34d8-48cf-a18f-4f73950d210f",
"value": "51.255.157.19"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5950fda5-2440-4d10-8542-d5c6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"first_observed": "2017-06-27T07:42:31Z",
"last_observed": "2017-06-27T07:42:31Z",
"number_observed": 1,
"object_refs": [
"url--5950fda5-2440-4d10-8542-d5c6950d210f"
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5950fda5-2440-4d10-8542-d5c6950d210f",
"value": "http://91.234.34.98/checkupdate"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5950fda5-6940-4e4b-95d0-48ac950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"first_observed": "2017-06-27T07:42:31Z",
"last_observed": "2017-06-27T07:42:31Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5950fda5-6940-4e4b-95d0-48ac950d210f",
"ipv4-addr--5950fda5-6940-4e4b-95d0-48ac950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5950fda5-6940-4e4b-95d0-48ac950d210f",
"dst_ref": "ipv4-addr--5950fda5-6940-4e4b-95d0-48ac950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5950fda5-6940-4e4b-95d0-48ac950d210f",
"value": "91.234.34.98"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fda5-83dc-4ac8-9746-4253950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[url:value = 'http://aejhpovgmpg.pw/checkupdate']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fda5-4214-4f69-a03a-8c2d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[domain-name:value = 'aejhpovgmpg.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5950fda5-224c-42b8-b481-837b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"first_observed": "2017-06-27T07:42:31Z",
"last_observed": "2017-06-27T07:42:31Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5950fda5-224c-42b8-b481-837b950d210f",
"ipv4-addr--5950fda5-224c-42b8-b481-837b950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5950fda5-224c-42b8-b481-837b950d210f",
"dst_ref": "ipv4-addr--5950fda5-224c-42b8-b481-837b950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5950fda5-224c-42b8-b481-837b950d210f",
"value": "141.8.226.58"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fda6-97cc-4520-919c-4920950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[url:value = 'http://ccikylqrgyythm.info/checkupdate']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fda6-be54-4e9b-97d4-8a6e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[domain-name:value = 'ccikylqrgyythm.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fda6-a5a0-41b9-8987-42f5950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[url:value = 'http://rfsucux.pl/checkupdate']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fda6-9a90-49bc-b607-4ad6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[domain-name:value = 'rfsucux.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fda6-dcd8-4a74-a1a5-8380950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[url:value = 'http://caynosfilql.org/checkupdate']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fda7-265c-44a8-a43c-4337950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[domain-name:value = 'caynosfilql.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fda7-30d8-409a-8e43-da14950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[url:value = 'http://uibvdtcjemduah.work/checkupdate']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fda7-5e40-48c0-b100-47e0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[domain-name:value = 'uibvdtcjemduah.work']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fda7-30c4-410b-8542-45c4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[url:value = 'http://cfqmcgavqics.info/checkupdate']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fda7-fed4-412d-94cf-8c36950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[domain-name:value = 'cfqmcgavqics.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fda8-b43c-4c19-ab6c-4b24950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[url:value = 'http://phustpnjrwijv.info/checkupdate']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fda8-f3d8-4021-b87d-4cbe950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[domain-name:value = 'phustpnjrwijv.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fda8-7ea0-4edb-96da-4fd9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[url:value = 'http://ycbstxdogx.pw/checkupdate']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fda8-bb88-4178-bcad-4cc3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[domain-name:value = 'ycbstxdogx.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fda8-367c-4aae-82a7-d5c6950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[url:value = 'http://mafxaimsa.pl/checkupdate']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fda9-a038-4034-9669-4b1c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[domain-name:value = 'mafxaimsa.pl']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fda9-1224-4078-872b-4182950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[url:value = 'http://xtblvmgqgbwtc.work/checkupdate']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fda9-46e4-4012-8499-8c2d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[domain-name:value = 'xtblvmgqgbwtc.work']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fda9-9138-4137-a2d7-837b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[url:value = 'http://tdtqpmc.info/checkupdate']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fda9-4220-406e-a38e-440e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[domain-name:value = 'tdtqpmc.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fdaa-0144-4fa4-a13a-8a6e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[url:value = 'http://romjuhlbovakjorip.work/checkupdate']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5950fdaa-2360-41cf-aa7d-46a9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:31.000Z",
"modified": "2017-06-27T07:42:31.000Z",
"pattern": "[domain-name:value = 'romjuhlbovakjorip.work']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:31Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59520c6b-ea1c-4eef-bc62-445802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:35.000Z",
"modified": "2017-06-27T07:42:35.000Z",
"description": "- Xchecked via VT: a0d81f0bffb0e20a34191385031cf17a",
"pattern": "[file:hashes.SHA256 = '8015133c16d41fdfbeb5f86f5d82ffb124a131ed012375d3cf70babe2f440ac8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59520c6b-239c-47fb-85fa-426702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:35.000Z",
"modified": "2017-06-27T07:42:35.000Z",
"description": "- Xchecked via VT: a0d81f0bffb0e20a34191385031cf17a",
"pattern": "[file:hashes.SHA1 = 'f5fce485a72ab82a5e5b48b98befd5e0568a83e1']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59520c6b-f6cc-40d8-9152-461802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:35.000Z",
"modified": "2017-06-27T07:42:35.000Z",
"first_observed": "2017-06-27T07:42:35Z",
"last_observed": "2017-06-27T07:42:35Z",
"number_observed": 1,
"object_refs": [
"url--59520c6b-f6cc-40d8-9152-461802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59520c6b-f6cc-40d8-9152-461802de0b81",
"value": "https://www.virustotal.com/file/8015133c16d41fdfbeb5f86f5d82ffb124a131ed012375d3cf70babe2f440ac8/analysis/1498534077/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59520c6b-4148-4137-8a03-459702de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:35.000Z",
"modified": "2017-06-27T07:42:35.000Z",
"description": "- Xchecked via VT: 8cd9f803947badddbfafc584edfdeebb",
"pattern": "[file:hashes.SHA256 = '83b366204ef60cca5468c2db1baadeb7590f97493c451fa005f9b583ce691133']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59520c6b-4c90-4345-8f1d-488002de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:35.000Z",
"modified": "2017-06-27T07:42:35.000Z",
"description": "- Xchecked via VT: 8cd9f803947badddbfafc584edfdeebb",
"pattern": "[file:hashes.SHA1 = '3e19f754ea0fef9e62d91dfd4f22e6c73240bcbc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-27T07:42:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59520c6b-1330-4c12-a346-439402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-27T07:42:35.000Z",
"modified": "2017-06-27T07:42:35.000Z",
"first_observed": "2017-06-27T07:42:35Z",
"last_observed": "2017-06-27T07:42:35Z",
"number_observed": 1,
"object_refs": [
"url--59520c6b-1330-4c12-a346-439402de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59520c6b-1330-4c12-a346-439402de0b81",
"value": "https://www.virustotal.com/file/83b366204ef60cca5468c2db1baadeb7590f97493c451fa005f9b583ce691133/analysis/1498534342/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}