|
{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--59cbb4ef-1310-4e85-8432-4879950d210f",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-27T15:08:32.000Z",
|
||
|
"modified": "2017-09-27T15:08:32.000Z",
|
||
|
"name": "CIRCL",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--59cbb4ef-1310-4e85-8432-4879950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-27T15:08:32.000Z",
|
||
|
"modified": "2017-09-27T15:08:32.000Z",
|
||
|
"name": "M2M - Locky 2017-09-27 : Affid=3, offline, \".ykcol\" :\n \"INVOICE\" - \"A1234-5678901234.7z\"",
|
||
|
"published": "2017-09-27T15:08:39Z",
|
||
|
"object_refs": [
|
||
|
"indicator--59cbb4f0-9360-42b7-89f0-4e4d950d210f",
|
||
|
"indicator--59cbb4f0-94d4-4d80-97dc-483b950d210f",
|
||
|
"indicator--59cbb4f0-0470-4ae8-b4fc-48a3950d210f",
|
||
|
"observed-data--59cbb4f0-cde8-4b39-8644-4100950d210f",
|
||
|
"network-traffic--59cbb4f0-cde8-4b39-8644-4100950d210f",
|
||
|
"ipv4-addr--59cbb4f0-cde8-4b39-8644-4100950d210f",
|
||
|
"indicator--59cbb4f1-8188-45f0-aea0-4e7e950d210f",
|
||
|
"indicator--59cbb4f1-5658-4600-a2a6-41d3950d210f",
|
||
|
"observed-data--59cbb4f1-1814-458c-b287-4c34950d210f",
|
||
|
"network-traffic--59cbb4f1-1814-458c-b287-4c34950d210f",
|
||
|
"ipv4-addr--59cbb4f1-1814-458c-b287-4c34950d210f",
|
||
|
"indicator--59cbb4f1-20bc-4c0a-80ad-4b1a950d210f",
|
||
|
"indicator--59cbb4f2-26e4-473e-86f7-4c43950d210f",
|
||
|
"observed-data--59cbb4f2-be64-4bc7-9900-47b4950d210f",
|
||
|
"network-traffic--59cbb4f2-be64-4bc7-9900-47b4950d210f",
|
||
|
"ipv4-addr--59cbb4f2-be64-4bc7-9900-47b4950d210f",
|
||
|
"indicator--59cbb4f2-9538-4a7f-9702-43cd950d210f",
|
||
|
"indicator--59cbb4f2-6cdc-4b4d-ab07-4a69950d210f",
|
||
|
"observed-data--59cbb4f3-b870-4ed0-8795-4f83950d210f",
|
||
|
"network-traffic--59cbb4f3-b870-4ed0-8795-4f83950d210f",
|
||
|
"ipv4-addr--59cbb4f3-b870-4ed0-8795-4f83950d210f",
|
||
|
"indicator--59cbb4f3-6d80-4d64-9ed7-477e950d210f",
|
||
|
"indicator--59cbb4f3-7200-4366-8a34-4451950d210f",
|
||
|
"observed-data--59cbb4f3-a4a8-49aa-8f78-45cc950d210f",
|
||
|
"network-traffic--59cbb4f3-a4a8-49aa-8f78-45cc950d210f",
|
||
|
"ipv4-addr--59cbb4f3-a4a8-49aa-8f78-45cc950d210f",
|
||
|
"indicator--59cbb4f4-9bc0-4d8d-87e0-4e35950d210f",
|
||
|
"indicator--59cbb4f4-48f4-4831-8425-4002950d210f",
|
||
|
"observed-data--59cbb4f5-9eac-443e-a25d-4559950d210f",
|
||
|
"network-traffic--59cbb4f5-9eac-443e-a25d-4559950d210f",
|
||
|
"ipv4-addr--59cbb4f5-9eac-443e-a25d-4559950d210f",
|
||
|
"indicator--59cbb4f5-9064-4234-8935-4ef4950d210f",
|
||
|
"indicator--59cbb4f6-99fc-44df-a68f-4cff950d210f",
|
||
|
"observed-data--59cbb4f7-86dc-402d-b0ed-4ef7950d210f",
|
||
|
"network-traffic--59cbb4f7-86dc-402d-b0ed-4ef7950d210f",
|
||
|
"ipv4-addr--59cbb4f7-86dc-402d-b0ed-4ef7950d210f",
|
||
|
"indicator--59cbb4f7-c704-4cc1-ab59-4df1950d210f",
|
||
|
"indicator--59cbb4f7-7c7c-4e02-a1ba-4c31950d210f",
|
||
|
"observed-data--59cbb4f8-ff10-4930-a4ac-4594950d210f",
|
||
|
"network-traffic--59cbb4f8-ff10-4930-a4ac-4594950d210f",
|
||
|
"ipv4-addr--59cbb4f8-ff10-4930-a4ac-4594950d210f",
|
||
|
"indicator--59cbb4f8-cb68-4cf5-bb8f-4957950d210f",
|
||
|
"indicator--59cbb4f8-6d68-4271-aef6-42c5950d210f",
|
||
|
"observed-data--59cbb4f8-1df8-4e94-afc5-4578950d210f",
|
||
|
"network-traffic--59cbb4f8-1df8-4e94-afc5-4578950d210f",
|
||
|
"ipv4-addr--59cbb4f8-1df8-4e94-afc5-4578950d210f",
|
||
|
"indicator--59cbb4f9-2bc8-4333-bb4c-45cd950d210f",
|
||
|
"indicator--59cbb4f9-25d4-4f72-b829-4330950d210f",
|
||
|
"observed-data--59cbb4f9-f18c-41e2-a3f0-4165950d210f",
|
||
|
"network-traffic--59cbb4f9-f18c-41e2-a3f0-4165950d210f",
|
||
|
"ipv4-addr--59cbb4f9-f18c-41e2-a3f0-4165950d210f",
|
||
|
"indicator--59cbb4fa-1920-49e6-b481-431e950d210f",
|
||
|
"indicator--59cbb4fa-bd10-4757-9330-4f90950d210f",
|
||
|
"observed-data--59cbb4fa-b6fc-4843-9bd9-4c4d950d210f",
|
||
|
"network-traffic--59cbb4fa-b6fc-4843-9bd9-4c4d950d210f",
|
||
|
"ipv4-addr--59cbb4fa-b6fc-4843-9bd9-4c4d950d210f",
|
||
|
"indicator--59cbb4fa-9dd4-45b0-99a5-4ed0950d210f",
|
||
|
"indicator--59cbb4fb-77dc-4c59-8e1a-4d82950d210f",
|
||
|
"observed-data--59cbb4fb-2d64-4bde-9673-4f8b950d210f",
|
||
|
"network-traffic--59cbb4fb-2d64-4bde-9673-4f8b950d210f",
|
||
|
"ipv4-addr--59cbb4fb-2d64-4bde-9673-4f8b950d210f",
|
||
|
"indicator--59cbb4fb-9508-432d-9df0-468b950d210f",
|
||
|
"indicator--59cbb4fb-c3e0-4165-be84-45af950d210f",
|
||
|
"observed-data--59cbb4fd-21c4-4520-8ead-4271950d210f",
|
||
|
"network-traffic--59cbb4fd-21c4-4520-8ead-4271950d210f",
|
||
|
"ipv4-addr--59cbb4fd-21c4-4520-8ead-4271950d210f",
|
||
|
"indicator--59cbb4fe-3bf8-456e-9ac4-4c25950d210f",
|
||
|
"indicator--59cbb4fe-a1b0-4ad8-8864-4493950d210f",
|
||
|
"observed-data--59cbb4fe-ead4-4042-b3b2-4a47950d210f",
|
||
|
"network-traffic--59cbb4fe-ead4-4042-b3b2-4a47950d210f",
|
||
|
"ipv4-addr--59cbb4fe-ead4-4042-b3b2-4a47950d210f",
|
||
|
"indicator--59cbb4ff-7ec8-4220-8b38-4548950d210f",
|
||
|
"indicator--59cbb4ff-32d8-462f-90f7-4b6e950d210f",
|
||
|
"indicator--59cbbeea-0cd8-4013-bd2d-190802de0b81",
|
||
|
"indicator--59cbbeea-83d4-47e2-b522-190802de0b81",
|
||
|
"observed-data--59cbbeea-6980-4c6c-b680-190802de0b81",
|
||
|
"url--59cbbeea-6980-4c6c-b680-190802de0b81"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"ecsirt:malicious-code=\"ransomware\"",
|
||
|
"misp-galaxy:ransomware=\"Locky\""
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59cbb4f0-9360-42b7-89f0-4e4d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-27T15:08:26.000Z",
|
||
|
"modified": "2017-09-27T15:08:26.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '1c1a6b70b5e2b13c019d5cbdf0f12738']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-27T15:08:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59cbb4f0-94d4-4d80-97dc-483b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-27T15:08:26.000Z",
|
||
|
"modified": "2017-09-27T15:08:26.000Z",
|
||
|
"pattern": "[url:value = 'http://antwerpvillas.com/niugufvt4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-27T15:08:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59cbb4f0-0470-4ae8-b4fc-48a3950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-27T15:08:26.000Z",
|
||
|
"modified": "2017-09-27T15:08:26.000Z",
|
||
|
"pattern": "[domain-name:value = 'antwerpvillas.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-27T15:08:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59cbb4f0-cde8-4b39-8644-4100950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-27T15:08:26.000Z",
|
||
|
"modified": "2017-09-27T15:08:26.000Z",
|
||
|
"first_observed": "2017-09-27T15:08:26Z",
|
||
|
"last_observed": "2017-09-27T15:08:26Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59cbb4f0-cde8-4b39-8644-4100950d210f",
|
||
|
"ipv4-addr--59cbb4f0-cde8-4b39-8644-4100950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59cbb4f0-cde8-4b39-8644-4100950d210f",
|
||
|
"dst_ref": "ipv4-addr--59cbb4f0-cde8-4b39-8644-4100950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59cbb4f0-cde8-4b39-8644-4100950d210f",
|
||
|
"value": "78.40.96.174"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59cbb4f1-8188-45f0-aea0-4e7e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-27T15:08:26.000Z",
|
||
|
"modified": "2017-09-27T15:08:26.000Z",
|
||
|
"pattern": "[url:value = 'http://apethorpevillage.co.uk/niugufvt4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-27T15:08:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59cbb4f1-5658-4600-a2a6-41d3950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-27T15:08:26.000Z",
|
||
|
"modified": "2017-09-27T15:08:26.000Z",
|
||
|
"pattern": "[domain-name:value = 'apethorpevillage.co.uk']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-27T15:08:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59cbb4f1-1814-458c-b287-4c34950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-27T15:08:26.000Z",
|
||
|
"modified": "2017-09-27T15:08:26.000Z",
|
||
|
"first_observed": "2017-09-27T15:08:26Z",
|
||
|
"last_observed": "2017-09-27T15:08:26Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59cbb4f1-1814-458c-b287-4c34950d210f",
|
||
|
"ipv4-addr--59cbb4f1-1814-458c-b287-4c34950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59cbb4f1-1814-458c-b287-4c34950d210f",
|
||
|
"dst_ref": "ipv4-addr--59cbb4f1-1814-458c-b287-4c34950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59cbb4f1-1814-458c-b287-4c34950d210f",
|
||
|
"value": "88.150.140.239"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59cbb4f1-20bc-4c0a-80ad-4b1a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-27T15:08:26.000Z",
|
||
|
"modified": "2017-09-27T15:08:26.000Z",
|
||
|
"pattern": "[url:value = 'http://asi-automazioni.com/niugufvt4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-27T15:08:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59cbb4f2-26e4-473e-86f7-4c43950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-27T15:08:26.000Z",
|
||
|
"modified": "2017-09-27T15:08:26.000Z",
|
||
|
"pattern": "[domain-name:value = 'asi-automazioni.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-27T15:08:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59cbb4f2-be64-4bc7-9900-47b4950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-27T15:08:26.000Z",
|
||
|
"modified": "2017-09-27T15:08:26.000Z",
|
||
|
"first_observed": "2017-09-27T15:08:26Z",
|
||
|
"last_observed": "2017-09-27T15:08:26Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59cbb4f2-be64-4bc7-9900-47b4950d210f",
|
||
|
"ipv4-addr--59cbb4f2-be64-4bc7-9900-47b4950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59cbb4f2-be64-4bc7-9900-47b4950d210f",
|
||
|
"dst_ref": "ipv4-addr--59cbb4f2-be64-4bc7-9900-47b4950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59cbb4f2-be64-4bc7-9900-47b4950d210f",
|
||
|
"value": "5.135.180.43"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59cbb4f2-9538-4a7f-9702-43cd950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-27T15:08:26.000Z",
|
||
|
"modified": "2017-09-27T15:08:26.000Z",
|
||
|
"pattern": "[url:value = 'http://freevillemusic.com/niugufvt4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-27T15:08:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59cbb4f2-6cdc-4b4d-ab07-4a69950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-27T15:08:26.000Z",
|
||
|
"modified": "2017-09-27T15:08:26.000Z",
|
||
|
"pattern": "[domain-name:value = 'freevillemusic.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-27T15:08:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59cbb4f3-b870-4ed0-8795-4f83950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-27T15:08:26.000Z",
|
||
|
"modified": "2017-09-27T15:08:26.000Z",
|
||
|
"first_observed": "2017-09-27T15:08:26Z",
|
||
|
"last_observed": "2017-09-27T15:08:26Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59cbb4f3-b870-4ed0-8795-4f83950d210f",
|
||
|
"ipv4-addr--59cbb4f3-b870-4ed0-8795-4f83950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59cbb4f3-b870-4ed0-8795-4f83950d210f",
|
||
|
"dst_ref": "ipv4-addr--59cbb4f3-b870-4ed0-8795-4f83950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59cbb4f3-b870-4ed0-8795-4f83950d210f",
|
||
|
"value": "66.84.8.235"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59cbb4f3-6d80-4d64-9ed7-477e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-27T15:08:26.000Z",
|
||
|
"modified": "2017-09-27T15:08:26.000Z",
|
||
|
"pattern": "[url:value = 'http://galeona.com/niugufvt4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-27T15:08:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59cbb4f3-7200-4366-8a34-4451950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-27T15:08:26.000Z",
|
||
|
"modified": "2017-09-27T15:08:26.000Z",
|
||
|
"pattern": "[domain-name:value = 'galeona.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-27T15:08:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59cbb4f3-a4a8-49aa-8f78-45cc950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-27T15:08:26.000Z",
|
||
|
"modified": "2017-09-27T15:08:26.000Z",
|
||
|
"first_observed": "2017-09-27T15:08:26Z",
|
||
|
"last_observed": "2017-09-27T15:08:26Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59cbb4f3-a4a8-49aa-8f78-45cc950d210f",
|
||
|
"ipv4-addr--59cbb4f3-a4a8-49aa-8f78-45cc950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59cbb4f3-a4a8-49aa-8f78-45cc950d210f",
|
||
|
"dst_ref": "ipv4-addr--59cbb4f3-a4a8-49aa-8f78-45cc950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59cbb4f3-a4a8-49aa-8f78-45cc950d210f",
|
||
|
"value": "212.89.16.142"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59cbb4f4-9bc0-4d8d-87e0-4e35950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-27T15:08:26.000Z",
|
||
|
"modified": "2017-09-27T15:08:26.000Z",
|
||
|
"pattern": "[url:value = 'http://gdrural.com.au/niugufvt4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-27T15:08:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59cbb4f4-48f4-4831-8425-4002950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-27T15:08:26.000Z",
|
||
|
"modified": "2017-09-27T15:08:26.000Z",
|
||
|
"pattern": "[domain-name:value = 'gdrural.com.au']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-27T15:08:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59cbb4f5-9eac-443e-a25d-4559950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-27T15:08:26.000Z",
|
||
|
"modified": "2017-09-27T15:08:26.000Z",
|
||
|
"first_observed": "2017-09-27T15:08:26Z",
|
||
|
"last_observed": "2017-09-27T15:08:26Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59cbb4f5-9eac-443e-a25d-4559950d210f",
|
||
|
"ipv4-addr--59cbb4f5-9eac-443e-a25d-4559950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59cbb4f5-9eac-443e-a25d-4559950d210f",
|
||
|
"dst_ref": "ipv4-addr--59cbb4f5-9eac-443e-a25d-4559950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59cbb4f5-9eac-443e-a25d-4559950d210f",
|
||
|
"value": "113.20.6.89"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59cbb4f5-9064-4234-8935-4ef4950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-27T15:08:26.000Z",
|
||
|
"modified": "2017-09-27T15:08:26.000Z",
|
||
|
"pattern": "[url:value = 'http://geocean.co.id/niugufvt4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-27T15:08:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59cbb4f6-99fc-44df-a68f-4cff950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-27T15:08:26.000Z",
|
||
|
"modified": "2017-09-27T15:08:26.000Z",
|
||
|
"pattern": "[domain-name:value = 'geocean.co.id']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-27T15:08:26Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59cbb4f7-86dc-402d-b0ed-4ef7950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-27T15:08:25.000Z",
|
||
|
"modified": "2017-09-27T15:08:25.000Z",
|
||
|
"first_observed": "2017-09-27T15:08:25Z",
|
||
|
"last_observed": "2017-09-27T15:08:25Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59cbb4f7-86dc-402d-b0ed-4ef7950d210f",
|
||
|
"ipv4-addr--59cbb4f7-86dc-402d-b0ed-4ef7950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59cbb4f7-86dc-402d-b0ed-4ef7950d210f",
|
||
|
"dst_ref": "ipv4-addr--59cbb4f7-86dc-402d-b0ed-4ef7950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59cbb4f7-86dc-402d-b0ed-4ef7950d210f",
|
||
|
"value": "202.169.44.143"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59cbb4f7-c704-4cc1-ab59-4df1950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-27T15:08:25.000Z",
|
||
|
"modified": "2017-09-27T15:08:25.000Z",
|
||
|
"pattern": "[url:value = 'http://gilgroup.com/niugufvt4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-27T15:08:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59cbb4f7-7c7c-4e02-a1ba-4c31950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-27T15:08:25.000Z",
|
||
|
"modified": "2017-09-27T15:08:25.000Z",
|
||
|
"pattern": "[domain-name:value = 'gilgroup.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-27T15:08:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59cbb4f8-ff10-4930-a4ac-4594950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-27T15:08:25.000Z",
|
||
|
"modified": "2017-09-27T15:08:25.000Z",
|
||
|
"first_observed": "2017-09-27T15:08:25Z",
|
||
|
"last_observed": "2017-09-27T15:08:25Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59cbb4f8-ff10-4930-a4ac-4594950d210f",
|
||
|
"ipv4-addr--59cbb4f8-ff10-4930-a4ac-4594950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59cbb4f8-ff10-4930-a4ac-4594950d210f",
|
||
|
"dst_ref": "ipv4-addr--59cbb4f8-ff10-4930-a4ac-4594950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59cbb4f8-ff10-4930-a4ac-4594950d210f",
|
||
|
"value": "216.185.44.105"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59cbb4f8-cb68-4cf5-bb8f-4957950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-27T15:08:25.000Z",
|
||
|
"modified": "2017-09-27T15:08:25.000Z",
|
||
|
"pattern": "[url:value = 'http://giraudnet.co.uk/niugufvt4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-27T15:08:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59cbb4f8-6d68-4271-aef6-42c5950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-27T15:08:25.000Z",
|
||
|
"modified": "2017-09-27T15:08:25.000Z",
|
||
|
"pattern": "[domain-name:value = 'giraudnet.co.uk']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-27T15:08:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59cbb4f8-1df8-4e94-afc5-4578950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-27T15:08:25.000Z",
|
||
|
"modified": "2017-09-27T15:08:25.000Z",
|
||
|
"first_observed": "2017-09-27T15:08:25Z",
|
||
|
"last_observed": "2017-09-27T15:08:25Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59cbb4f8-1df8-4e94-afc5-4578950d210f",
|
||
|
"ipv4-addr--59cbb4f8-1df8-4e94-afc5-4578950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59cbb4f8-1df8-4e94-afc5-4578950d210f",
|
||
|
"dst_ref": "ipv4-addr--59cbb4f8-1df8-4e94-afc5-4578950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59cbb4f8-1df8-4e94-afc5-4578950d210f",
|
||
|
"value": "188.165.73.129"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59cbb4f9-2bc8-4333-bb4c-45cd950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-27T15:08:25.000Z",
|
||
|
"modified": "2017-09-27T15:08:25.000Z",
|
||
|
"pattern": "[url:value = 'http://glostrap.com/niugufvt4']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-27T15:08:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59cbb4f9-25d4-4f72-b829-4330950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-27T15:08:25.000Z",
|
||
|
"modified": "2017-09-27T15:08:25.000Z",
|
||
|
"pattern": "[domain-name:value = 'glostrap.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-27T15:08:25Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59cbb4f9-f18c-41e2-a3f0-4165950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-27T15:08:25.000Z",
"modified": "2017-09-27T15:08:25.000Z",
"first_observed": "2017-09-27T15:08:25Z",
"last_observed": "2017-09-27T15:08:25Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59cbb4f9-f18c-41e2-a3f0-4165950d210f",
"ipv4-addr--59cbb4f9-f18c-41e2-a3f0-4165950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59cbb4f9-f18c-41e2-a3f0-4165950d210f",
"dst_ref": "ipv4-addr--59cbb4f9-f18c-41e2-a3f0-4165950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59cbb4f9-f18c-41e2-a3f0-4165950d210f",
"value": "216.114.192.21"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59cbb4fa-1920-49e6-b481-431e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-27T15:08:25.000Z",
"modified": "2017-09-27T15:08:25.000Z",
"pattern": "[url:value = 'http://graficasicarpearanjuez.com/niugufvt4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-27T15:08:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59cbb4fa-bd10-4757-9330-4f90950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-27T15:08:25.000Z",
"modified": "2017-09-27T15:08:25.000Z",
"pattern": "[domain-name:value = 'graficasicarpearanjuez.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-27T15:08:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59cbb4fa-b6fc-4843-9bd9-4c4d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-27T15:08:25.000Z",
"modified": "2017-09-27T15:08:25.000Z",
"first_observed": "2017-09-27T15:08:25Z",
"last_observed": "2017-09-27T15:08:25Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59cbb4fa-b6fc-4843-9bd9-4c4d950d210f",
"ipv4-addr--59cbb4fa-b6fc-4843-9bd9-4c4d950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59cbb4fa-b6fc-4843-9bd9-4c4d950d210f",
"dst_ref": "ipv4-addr--59cbb4fa-b6fc-4843-9bd9-4c4d950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59cbb4fa-b6fc-4843-9bd9-4c4d950d210f",
"value": "185.18.197.109"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59cbb4fa-9dd4-45b0-99a5-4ed0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-27T15:08:25.000Z",
"modified": "2017-09-27T15:08:25.000Z",
"pattern": "[url:value = 'http://granado.es/niugufvt4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-27T15:08:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59cbb4fb-77dc-4c59-8e1a-4d82950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-27T15:08:25.000Z",
"modified": "2017-09-27T15:08:25.000Z",
"pattern": "[domain-name:value = 'granado.es']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-27T15:08:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59cbb4fb-2d64-4bde-9673-4f8b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-27T15:08:25.000Z",
"modified": "2017-09-27T15:08:25.000Z",
"first_observed": "2017-09-27T15:08:25Z",
"last_observed": "2017-09-27T15:08:25Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59cbb4fb-2d64-4bde-9673-4f8b950d210f",
"ipv4-addr--59cbb4fb-2d64-4bde-9673-4f8b950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59cbb4fb-2d64-4bde-9673-4f8b950d210f",
"dst_ref": "ipv4-addr--59cbb4fb-2d64-4bde-9673-4f8b950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59cbb4fb-2d64-4bde-9673-4f8b950d210f",
"value": "37.247.122.30"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59cbb4fb-9508-432d-9df0-468b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-27T15:08:25.000Z",
"modified": "2017-09-27T15:08:25.000Z",
"pattern": "[url:value = 'http://hkcel.com/niugufvt4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-27T15:08:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59cbb4fb-c3e0-4165-be84-45af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-27T15:08:25.000Z",
"modified": "2017-09-27T15:08:25.000Z",
"pattern": "[domain-name:value = 'hkcel.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-27T15:08:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59cbb4fd-21c4-4520-8ead-4271950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-27T15:08:25.000Z",
"modified": "2017-09-27T15:08:25.000Z",
"first_observed": "2017-09-27T15:08:25Z",
"last_observed": "2017-09-27T15:08:25Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59cbb4fd-21c4-4520-8ead-4271950d210f",
"ipv4-addr--59cbb4fd-21c4-4520-8ead-4271950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59cbb4fd-21c4-4520-8ead-4271950d210f",
"dst_ref": "ipv4-addr--59cbb4fd-21c4-4520-8ead-4271950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59cbb4fd-21c4-4520-8ead-4271950d210f",
"value": "202.181.132.166"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59cbb4fe-3bf8-456e-9ac4-4c25950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-27T15:08:25.000Z",
"modified": "2017-09-27T15:08:25.000Z",
"pattern": "[url:value = 'http://hmbre.com/niugufvt4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-27T15:08:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59cbb4fe-a1b0-4ad8-8864-4493950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-27T15:08:25.000Z",
"modified": "2017-09-27T15:08:25.000Z",
"pattern": "[domain-name:value = 'hmbre.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-27T15:08:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59cbb4fe-ead4-4042-b3b2-4a47950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-27T15:08:25.000Z",
"modified": "2017-09-27T15:08:25.000Z",
"first_observed": "2017-09-27T15:08:25Z",
"last_observed": "2017-09-27T15:08:25Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59cbb4fe-ead4-4042-b3b2-4a47950d210f",
"ipv4-addr--59cbb4fe-ead4-4042-b3b2-4a47950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59cbb4fe-ead4-4042-b3b2-4a47950d210f",
"dst_ref": "ipv4-addr--59cbb4fe-ead4-4042-b3b2-4a47950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59cbb4fe-ead4-4042-b3b2-4a47950d210f",
"value": "69.27.177.4"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59cbb4ff-7ec8-4220-8b38-4548950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-27T15:08:25.000Z",
"modified": "2017-09-27T15:08:25.000Z",
"pattern": "[url:value = 'http://poemsan.info/p66/niugufvt4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-27T15:08:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59cbb4ff-32d8-462f-90f7-4b6e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-27T15:08:25.000Z",
"modified": "2017-09-27T15:08:25.000Z",
"pattern": "[domain-name:value = 'poemsan.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-27T15:08:25Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59cbbeea-0cd8-4013-bd2d-190802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-27T15:08:26.000Z",
"modified": "2017-09-27T15:08:26.000Z",
"description": "- Xchecked via VT: 1c1a6b70b5e2b13c019d5cbdf0f12738",
"pattern": "[file:hashes.SHA256 = 'e5bafdd9d27defccb5c62db15a0374ccdeedb6a279b33776e8fc1ecb728d70e4']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-27T15:08:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59cbbeea-83d4-47e2-b522-190802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-27T15:08:26.000Z",
"modified": "2017-09-27T15:08:26.000Z",
"description": "- Xchecked via VT: 1c1a6b70b5e2b13c019d5cbdf0f12738",
"pattern": "[file:hashes.SHA1 = 'd21b9d5ca7327bb1ca57aaf8752e7764a3334fe8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-27T15:08:26Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59cbbeea-6980-4c6c-b680-190802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-27T15:08:26.000Z",
"modified": "2017-09-27T15:08:26.000Z",
"first_observed": "2017-09-27T15:08:26Z",
"last_observed": "2017-09-27T15:08:26Z",
"number_observed": 1,
"object_refs": [
"url--59cbbeea-6980-4c6c-b680-190802de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59cbbeea-6980-4c6c-b680-190802de0b81",
"value": "https://www.virustotal.com/file/e5bafdd9d27defccb5c62db15a0374ccdeedb6a279b33776e8fc1ecb728d70e4/analysis/1506520270/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}