|
{
|
||
|
"type": "bundle",
|
||
|
"id": "bundle--59b2b505-0c68-4319-8278-7f0b950d210f",
|
||
|
"objects": [
|
||
|
{
|
||
|
"type": "identity",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:21:26.000Z",
|
||
|
"modified": "2017-09-08T15:21:26.000Z",
|
||
|
"name": "CIRCL",
|
||
|
"identity_class": "organization"
|
||
|
},
|
||
|
{
|
||
|
"type": "report",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "report--59b2b505-0c68-4319-8278-7f0b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:21:26.000Z",
|
||
|
"modified": "2017-09-08T15:21:26.000Z",
|
||
|
"name": "M2M - new locky",
|
||
|
"published": "2017-09-08T15:21:40Z",
|
||
|
"object_refs": [
|
||
|
"indicator--59b2b506-8dec-46af-9037-4ea4950d210f",
|
||
|
"indicator--59b2b506-8ce0-44f8-ada7-7959950d210f",
|
||
|
"indicator--59b2b507-ecbc-442f-b184-7f0b950d210f",
|
||
|
"indicator--59b2b507-b0e8-410d-a605-7dfc950d210f",
|
||
|
"indicator--59b2b507-0898-48fa-bb82-4034950d210f",
|
||
|
"indicator--59b2b507-0884-4f01-afea-415c950d210f",
|
||
|
"indicator--59b2b508-6790-4bb9-90ca-44a1950d210f",
|
||
|
"indicator--59b2b508-9c38-4b62-9e66-4ace950d210f",
|
||
|
"indicator--59b2b508-d640-49ac-9eb3-48f5950d210f",
|
||
|
"indicator--59b2b508-0100-44e0-9065-45b9950d210f",
|
||
|
"observed-data--59b2b509-ee00-4e01-9a41-4b6f950d210f",
|
||
|
"network-traffic--59b2b509-ee00-4e01-9a41-4b6f950d210f",
|
||
|
"ipv4-addr--59b2b509-ee00-4e01-9a41-4b6f950d210f",
|
||
|
"indicator--59b2b509-6a44-4eed-b138-2df1950d210f",
|
||
|
"indicator--59b2b509-90c8-4627-8d2d-42b0950d210f",
|
||
|
"observed-data--59b2b50a-7104-488b-a22e-42f7950d210f",
|
||
|
"network-traffic--59b2b50a-7104-488b-a22e-42f7950d210f",
|
||
|
"ipv4-addr--59b2b50a-7104-488b-a22e-42f7950d210f",
|
||
|
"indicator--59b2b50a-95c8-4df2-badd-7920950d210f",
|
||
|
"indicator--59b2b50a-114c-436f-b7e2-7f0b950d210f",
|
||
|
"observed-data--59b2b50a-0c68-4688-9b5a-48f5950d210f",
|
||
|
"network-traffic--59b2b50a-0c68-4688-9b5a-48f5950d210f",
|
||
|
"ipv4-addr--59b2b50a-0c68-4688-9b5a-48f5950d210f",
|
||
|
"indicator--59b2b50a-3dbc-4ca6-b390-40a4950d210f",
|
||
|
"indicator--59b2b50b-e944-479e-964b-4733950d210f",
|
||
|
"observed-data--59b2b50b-0588-4c73-baf7-7e8e950d210f",
|
||
|
"network-traffic--59b2b50b-0588-4c73-baf7-7e8e950d210f",
|
||
|
"ipv4-addr--59b2b50b-0588-4c73-baf7-7e8e950d210f",
|
||
|
"indicator--59b2b50b-b624-43e3-aac8-4643950d210f",
|
||
|
"indicator--59b2b50c-6ba4-4fba-b69c-463d950d210f",
|
||
|
"observed-data--59b2b50c-27d0-46fd-a541-4bec950d210f",
|
||
|
"network-traffic--59b2b50c-27d0-46fd-a541-4bec950d210f",
|
||
|
"ipv4-addr--59b2b50c-27d0-46fd-a541-4bec950d210f",
|
||
|
"indicator--59b2b50c-4ad4-474f-979e-7f0b950d210f",
|
||
|
"indicator--59b2b50c-b9cc-489e-977c-7dfc950d210f",
|
||
|
"observed-data--59b2b50d-a5dc-4496-96aa-49db950d210f",
|
||
|
"network-traffic--59b2b50d-a5dc-4496-96aa-49db950d210f",
|
||
|
"ipv4-addr--59b2b50d-a5dc-4496-96aa-49db950d210f",
|
||
|
"indicator--59b2b50d-3294-40b7-a1c8-47e1950d210f",
|
||
|
"indicator--59b2b50d-2a04-47ee-b671-7e8e950d210f",
|
||
|
"observed-data--59b2b50d-eb74-432f-9994-2df1950d210f",
|
||
|
"network-traffic--59b2b50d-eb74-432f-9994-2df1950d210f",
|
||
|
"ipv4-addr--59b2b50d-eb74-432f-9994-2df1950d210f",
|
||
|
"indicator--59b2b50d-2b2c-4727-b2c6-42d1950d210f",
|
||
|
"indicator--59b2b50e-2eb8-485b-9f22-4237950d210f",
|
||
|
"observed-data--59b2b50e-f6a4-4805-bf37-7959950d210f",
|
||
|
"network-traffic--59b2b50e-f6a4-4805-bf37-7959950d210f",
|
||
|
"ipv4-addr--59b2b50e-f6a4-4805-bf37-7959950d210f",
|
||
|
"indicator--59b2b50e-026c-4c6f-8688-7f0b950d210f",
|
||
|
"indicator--59b2b50e-2a2c-4e48-a3b8-7dfc950d210f",
|
||
|
"observed-data--59b2b50f-7484-4fc1-8ea3-411d950d210f",
|
||
|
"network-traffic--59b2b50f-7484-4fc1-8ea3-411d950d210f",
|
||
|
"ipv4-addr--59b2b50f-7484-4fc1-8ea3-411d950d210f",
|
||
|
"indicator--59b2b50f-fa00-4078-821a-4e2a950d210f",
|
||
|
"indicator--59b2b50f-3db4-48b3-8ee1-7e8e950d210f",
|
||
|
"observed-data--59b2b510-091c-4316-94db-4fae950d210f",
|
||
|
"network-traffic--59b2b510-091c-4316-94db-4fae950d210f",
|
||
|
"ipv4-addr--59b2b510-091c-4316-94db-4fae950d210f",
|
||
|
"indicator--59b2b510-6324-4e62-ba77-47bc950d210f",
|
||
|
"indicator--59b2b510-66cc-4f3d-9799-46f5950d210f",
|
||
|
"observed-data--59b2b511-508c-435c-a5d8-7920950d210f",
|
||
|
"network-traffic--59b2b511-508c-435c-a5d8-7920950d210f",
|
||
|
"ipv4-addr--59b2b511-508c-435c-a5d8-7920950d210f",
|
||
|
"indicator--59b2b511-f7dc-4054-9e0e-4c4b950d210f",
|
||
|
"indicator--59b2b511-e584-42da-b6af-44c7950d210f",
|
||
|
"observed-data--59b2b511-0a5c-4622-9024-456f950d210f",
|
||
|
"network-traffic--59b2b511-0a5c-4622-9024-456f950d210f",
|
||
|
"ipv4-addr--59b2b511-0a5c-4622-9024-456f950d210f",
|
||
|
"indicator--59b2b511-da58-4c65-9ff8-7d59950d210f",
|
||
|
"indicator--59b2b512-5798-4a2b-a93c-7e8e950d210f",
|
||
|
"observed-data--59b2b512-d0d4-4db2-a401-7959950d210f",
|
||
|
"network-traffic--59b2b512-d0d4-4db2-a401-7959950d210f",
|
||
|
"ipv4-addr--59b2b512-d0d4-4db2-a401-7959950d210f",
|
||
|
"indicator--59b2b512-7dcc-4714-8d40-492a950d210f",
|
||
|
"indicator--59b2b513-227c-470e-a522-7920950d210f",
|
||
|
"observed-data--59b2b513-7e44-427b-8b4a-7dfc950d210f",
|
||
|
"network-traffic--59b2b513-7e44-427b-8b4a-7dfc950d210f",
|
||
|
"ipv4-addr--59b2b513-7e44-427b-8b4a-7dfc950d210f",
|
||
|
"indicator--59b2b513-fa60-4260-81bb-4d6d950d210f",
|
||
|
"indicator--59b2b513-a794-4f29-8fca-47b7950d210f",
|
||
|
"observed-data--59b2b514-cd14-4820-a4d8-4dd9950d210f",
|
||
|
"network-traffic--59b2b514-cd14-4820-a4d8-4dd9950d210f",
|
||
|
"ipv4-addr--59b2b514-cd14-4820-a4d8-4dd9950d210f",
|
||
|
"indicator--59b2b514-811c-45c9-93f0-4ae0950d210f",
|
||
|
"indicator--59b2b514-31d4-434e-915d-7959950d210f",
|
||
|
"observed-data--59b2b514-40a8-46d4-83ef-7f0b950d210f",
|
||
|
"network-traffic--59b2b514-40a8-46d4-83ef-7f0b950d210f",
|
||
|
"ipv4-addr--59b2b514-40a8-46d4-83ef-7f0b950d210f",
|
||
|
"indicator--59b2b515-cb90-460f-ab30-2df1950d210f",
|
||
|
"indicator--59b2b515-86a8-4e57-9f34-46fc950d210f",
|
||
|
"observed-data--59b2b515-c52c-4ad3-814d-4453950d210f",
|
||
|
"network-traffic--59b2b515-c52c-4ad3-814d-4453950d210f",
|
||
|
"ipv4-addr--59b2b515-c52c-4ad3-814d-4453950d210f",
|
||
|
"indicator--59b2b515-4fcc-4559-9faa-41de950d210f",
|
||
|
"indicator--59b2b515-c130-4dfa-a5c5-7d59950d210f",
|
||
|
"observed-data--59b2b516-827c-493f-ac3b-7959950d210f",
|
||
|
"network-traffic--59b2b516-827c-493f-ac3b-7959950d210f",
|
||
|
"ipv4-addr--59b2b516-827c-493f-ac3b-7959950d210f",
|
||
|
"indicator--59b2b516-71d4-49d6-b950-2df1950d210f",
|
||
|
"indicator--59b2b516-8830-4b6d-b3a9-7dfc950d210f",
|
||
|
"observed-data--59b2b516-2114-4b4d-9d4b-4a5f950d210f",
|
||
|
"network-traffic--59b2b516-2114-4b4d-9d4b-4a5f950d210f",
|
||
|
"ipv4-addr--59b2b516-2114-4b4d-9d4b-4a5f950d210f",
|
||
|
"indicator--59b2b516-a5ec-45ca-b6dc-4cfa950d210f",
|
||
|
"indicator--59b2b517-0e50-4cde-88c8-45f5950d210f",
|
||
|
"observed-data--59b2b517-b26c-4022-b467-7959950d210f",
|
||
|
"network-traffic--59b2b517-b26c-4022-b467-7959950d210f",
|
||
|
"ipv4-addr--59b2b517-b26c-4022-b467-7959950d210f",
|
||
|
"indicator--59b2b517-8ce8-49ba-8914-457f950d210f",
|
||
|
"indicator--59b2b517-7b24-45a1-9515-7dfc950d210f",
|
||
|
"observed-data--59b2b518-6570-4c47-8a08-405c950d210f",
|
||
|
"network-traffic--59b2b518-6570-4c47-8a08-405c950d210f",
|
||
|
"ipv4-addr--59b2b518-6570-4c47-8a08-405c950d210f",
|
||
|
"indicator--59b2b518-6b74-4077-8064-41bf950d210f",
|
||
|
"indicator--59b2b518-59b8-48b0-8a70-48c7950d210f",
|
||
|
"observed-data--59b2b519-3b68-4534-8aa3-402b950d210f",
|
||
|
"network-traffic--59b2b519-3b68-4534-8aa3-402b950d210f",
|
||
|
"ipv4-addr--59b2b519-3b68-4534-8aa3-402b950d210f",
|
||
|
"indicator--59b2b519-0818-4bef-98ec-4fa4950d210f",
|
||
|
"indicator--59b2b519-1ff4-4067-984e-2df1950d210f",
|
||
|
"observed-data--59b2b519-e2e8-44c5-987d-7f0b950d210f",
|
||
|
"network-traffic--59b2b519-e2e8-44c5-987d-7f0b950d210f",
|
||
|
"ipv4-addr--59b2b519-e2e8-44c5-987d-7f0b950d210f",
|
||
|
"indicator--59b2b519-2e68-42b0-8a2a-4c18950d210f",
|
||
|
"indicator--59b2b51a-f3b4-40be-82f9-40bc950d210f",
|
||
|
"observed-data--59b2b51a-0168-46e2-970c-7d59950d210f",
|
||
|
"network-traffic--59b2b51a-0168-46e2-970c-7d59950d210f",
|
||
|
"ipv4-addr--59b2b51a-0168-46e2-970c-7d59950d210f",
|
||
|
"indicator--59b2b51a-b4ac-48ee-b52d-7959950d210f",
|
||
|
"indicator--59b2b51a-ea10-4f0f-a223-42f7950d210f",
|
||
|
"observed-data--59b2b51b-2430-4c7d-a392-7f0b950d210f",
|
||
|
"network-traffic--59b2b51b-2430-4c7d-a392-7f0b950d210f",
|
||
|
"ipv4-addr--59b2b51b-2430-4c7d-a392-7f0b950d210f",
|
||
|
"indicator--59b2b51b-5840-4ba0-8b5d-427e950d210f",
|
||
|
"indicator--59b2b51c-ac40-4ba6-90c5-4163950d210f",
|
||
|
"observed-data--59b2b51c-2ca0-4e74-95b0-7d59950d210f",
|
||
|
"network-traffic--59b2b51c-2ca0-4e74-95b0-7d59950d210f",
|
||
|
"ipv4-addr--59b2b51c-2ca0-4e74-95b0-7d59950d210f",
|
||
|
"indicator--59b2b51c-98d4-4c9c-8a05-7920950d210f",
|
||
|
"indicator--59b2b51c-6204-4ec1-8402-4383950d210f",
|
||
|
"observed-data--59b2b51d-3908-43b7-a667-2df1950d210f",
|
||
|
"network-traffic--59b2b51d-3908-43b7-a667-2df1950d210f",
|
||
|
"ipv4-addr--59b2b51d-3908-43b7-a667-2df1950d210f",
|
||
|
"indicator--59b2b51d-87bc-4e87-ba8f-7f0b950d210f",
|
||
|
"indicator--59b2b51d-260c-4dd0-b7cf-4004950d210f",
|
||
|
"observed-data--59b2b51d-7e08-467c-9c98-4755950d210f",
|
||
|
"network-traffic--59b2b51d-7e08-467c-9c98-4755950d210f",
|
||
|
"ipv4-addr--59b2b51d-7e08-467c-9c98-4755950d210f",
|
||
|
"indicator--59b2b51d-50a0-4d55-9036-4f41950d210f",
|
||
|
"indicator--59b2b51e-0798-4a34-af5e-4ee5950d210f",
|
||
|
"observed-data--59b2b51e-8a88-4827-be9a-42af950d210f",
|
||
|
"network-traffic--59b2b51e-8a88-4827-be9a-42af950d210f",
|
||
|
"ipv4-addr--59b2b51e-8a88-4827-be9a-42af950d210f",
|
||
|
"indicator--59b2b51e-2ef8-4839-8d84-7f0b950d210f",
|
||
|
"indicator--59b2b51f-4d7c-42b1-9dbe-413a950d210f",
|
||
|
"observed-data--59b2b51f-2ee8-4de1-ad57-427b950d210f",
|
||
|
"network-traffic--59b2b51f-2ee8-4de1-ad57-427b950d210f",
|
||
|
"ipv4-addr--59b2b51f-2ee8-4de1-ad57-427b950d210f",
|
||
|
"indicator--59b2b51f-5a30-4f43-990f-406f950d210f",
|
||
|
"indicator--59b2b51f-f1a0-4f3d-beb9-41ce950d210f",
|
||
|
"observed-data--59b2b51f-71bc-4f66-ae79-7920950d210f",
|
||
|
"network-traffic--59b2b51f-71bc-4f66-ae79-7920950d210f",
|
||
|
"ipv4-addr--59b2b51f-71bc-4f66-ae79-7920950d210f",
|
||
|
"indicator--59b2b520-f6b4-420e-8109-4b10950d210f",
|
||
|
"indicator--59b2b520-6654-4895-b5c0-7959950d210f",
|
||
|
"observed-data--59b2b520-bdcc-43ce-8124-2df1950d210f",
|
||
|
"network-traffic--59b2b520-bdcc-43ce-8124-2df1950d210f",
|
||
|
"ipv4-addr--59b2b520-bdcc-43ce-8124-2df1950d210f",
|
||
|
"indicator--59b2b520-497c-4cc5-a198-7f0b950d210f",
|
||
|
"indicator--59b2b520-f0a8-4866-b292-4e96950d210f",
|
||
|
"observed-data--59b2b521-de84-4a10-9683-4dbd950d210f",
|
||
|
"network-traffic--59b2b521-de84-4a10-9683-4dbd950d210f",
|
||
|
"ipv4-addr--59b2b521-de84-4a10-9683-4dbd950d210f",
|
||
|
"indicator--59b2b521-8ab0-47f0-a255-7dfc950d210f",
|
||
|
"indicator--59b2b521-f20c-4a9e-90ca-44f9950d210f",
|
||
|
"observed-data--59b2b522-4e4c-4370-99f7-7d59950d210f",
|
||
|
"network-traffic--59b2b522-4e4c-4370-99f7-7d59950d210f",
|
||
|
"ipv4-addr--59b2b522-4e4c-4370-99f7-7d59950d210f",
|
||
|
"indicator--59b2b522-87c4-4449-8a6c-7920950d210f",
|
||
|
"indicator--59b2b522-d42c-4f9a-9c4c-4e7a950d210f",
|
||
|
"observed-data--59b2b522-7360-4282-b3b4-7959950d210f",
|
||
|
"network-traffic--59b2b522-7360-4282-b3b4-7959950d210f",
|
||
|
"ipv4-addr--59b2b522-7360-4282-b3b4-7959950d210f",
|
||
|
"indicator--59b2b523-25a8-4976-911e-7f0b950d210f",
|
||
|
"indicator--59b2b523-3cc4-4f56-a058-4735950d210f",
|
||
|
"observed-data--59b2b523-3a90-475f-8e97-418b950d210f",
|
||
|
"network-traffic--59b2b523-3a90-475f-8e97-418b950d210f",
|
||
|
"ipv4-addr--59b2b523-3a90-475f-8e97-418b950d210f",
|
||
|
"indicator--59b2b523-cc40-43db-aa6a-4c1e950d210f",
|
||
|
"indicator--59b2b523-fbf0-412f-9362-4708950d210f",
|
||
|
"observed-data--59b2b524-e9b0-4d28-b8d9-7d59950d210f",
|
||
|
"network-traffic--59b2b524-e9b0-4d28-b8d9-7d59950d210f",
|
||
|
"ipv4-addr--59b2b524-e9b0-4d28-b8d9-7d59950d210f",
|
||
|
"indicator--59b2b524-f2dc-4b70-813e-4b4b950d210f",
|
||
|
"indicator--59b2b524-af80-422c-98aa-7920950d210f",
|
||
|
"observed-data--59b2b525-b210-41d3-ba3b-7959950d210f",
|
||
|
"network-traffic--59b2b525-b210-41d3-ba3b-7959950d210f",
|
||
|
"ipv4-addr--59b2b525-b210-41d3-ba3b-7959950d210f",
|
||
|
"indicator--59b2b525-3e80-40b4-9a22-7f0b950d210f",
|
||
|
"indicator--59b2b525-8358-48d5-a160-44d7950d210f",
|
||
|
"observed-data--59b2b525-eae8-4263-9db2-467f950d210f",
|
||
|
"network-traffic--59b2b525-eae8-4263-9db2-467f950d210f",
|
||
|
"ipv4-addr--59b2b525-eae8-4263-9db2-467f950d210f",
|
||
|
"indicator--59b2b525-9790-4ab2-b73b-7dfc950d210f",
|
||
|
"indicator--59b2b525-2120-42c9-8aa4-7d59950d210f",
|
||
|
"indicator--59b2b526-4b80-4a21-a39f-7959950d210f",
|
||
|
"indicator--59b2b526-839c-4a1c-add1-4615950d210f",
|
||
|
"indicator--59b2b527-300c-4df2-9a60-7e8e950d210f",
|
||
|
"indicator--59b2b527-d208-49fb-a545-7dfc950d210f",
|
||
|
"indicator--59b2b527-1924-4ff9-ac86-7920950d210f",
|
||
|
"indicator--59b2b527-68bc-467d-a2e1-7959950d210f",
|
||
|
"indicator--59b2b528-f8e0-4492-aacd-2df1950d210f",
|
||
|
"indicator--59b2b528-efec-4624-a7f3-7e8e950d210f",
|
||
|
"observed-data--59b2b528-3e1c-4166-b6bc-43ee950d210f",
|
||
|
"network-traffic--59b2b528-3e1c-4166-b6bc-43ee950d210f",
|
||
|
"ipv4-addr--59b2b528-3e1c-4166-b6bc-43ee950d210f",
|
||
|
"indicator--59b2b528-21e8-4533-a2bf-7f0b950d210f",
|
||
|
"indicator--59b2b529-9b2c-45c8-bdc0-7e8e950d210f",
|
||
|
"observed-data--59b2b529-6998-4671-86ca-43fb950d210f",
|
||
|
"network-traffic--59b2b529-6998-4671-86ca-43fb950d210f",
|
||
|
"ipv4-addr--59b2b529-6998-4671-86ca-43fb950d210f",
|
||
|
"indicator--59b2b529-d0b4-4bd2-a383-4af3950d210f",
|
||
|
"indicator--59b2b529-5f8c-414a-8207-4a44950d210f",
|
||
|
"observed-data--59b2b52a-1c40-47f1-bf23-7f0b950d210f",
|
||
|
"network-traffic--59b2b52a-1c40-47f1-bf23-7f0b950d210f",
|
||
|
"ipv4-addr--59b2b52a-1c40-47f1-bf23-7f0b950d210f",
|
||
|
"indicator--59b2b52a-cd10-42d4-9b6a-4569950d210f",
|
||
|
"indicator--59b2b52a-d4dc-46d0-8dbd-48d1950d210f",
|
||
|
"observed-data--59b2b52a-6af8-4dc8-bed1-7dfc950d210f",
|
||
|
"network-traffic--59b2b52a-6af8-4dc8-bed1-7dfc950d210f",
|
||
|
"ipv4-addr--59b2b52a-6af8-4dc8-bed1-7dfc950d210f",
|
||
|
"indicator--59b2b52b-e728-4937-8688-4bdf950d210f",
|
||
|
"indicator--59b2b52b-0c7c-47ab-99ea-4d92950d210f",
|
||
|
"indicator--59b2b52b-23cc-4d8e-bf17-7f0b950d210f",
|
||
|
"indicator--59b2b52b-1530-4a90-a22f-2df1950d210f",
|
||
|
"indicator--59b2b549-c0d8-46ec-a648-7f0b950d210f",
|
||
|
"indicator--59b2b54a-d3ec-40a0-a64a-4642950d210f",
|
||
|
"observed-data--59b2b54a-9180-4a1c-9bef-7e8e950d210f",
|
||
|
"network-traffic--59b2b54a-9180-4a1c-9bef-7e8e950d210f",
|
||
|
"ipv4-addr--59b2b54a-9180-4a1c-9bef-7e8e950d210f",
|
||
|
"indicator--59b2b54a-64d4-4329-9287-404f950d210f",
|
||
|
"indicator--59b2b54a-1fb4-4600-845a-7d59950d210f",
|
||
|
"observed-data--59b2b54b-f5b0-4d1e-9930-475e950d210f",
|
||
|
"network-traffic--59b2b54b-f5b0-4d1e-9930-475e950d210f",
|
||
|
"ipv4-addr--59b2b54b-f5b0-4d1e-9930-475e950d210f",
|
||
|
"indicator--59b2b54b-3888-455b-93d1-7e8e950d210f",
|
||
|
"indicator--59b2b54c-332c-488d-972a-44e0950d210f",
|
||
|
"indicator--59b2b54c-d3bc-4495-8539-7920950d210f",
|
||
|
"indicator--59b2b54c-82d0-4671-9c8c-7f0b950d210f",
|
||
|
"observed-data--59b2b54c-188c-416c-a32c-7e8e950d210f",
|
||
|
"network-traffic--59b2b54c-188c-416c-a32c-7e8e950d210f",
|
||
|
"ipv4-addr--59b2b54c-188c-416c-a32c-7e8e950d210f",
|
||
|
"indicator--59b2b54d-2094-49be-aceb-4761950d210f",
|
||
|
"indicator--59b2b54d-9164-4b21-ae45-7d59950d210f",
|
||
|
"observed-data--59b2b54d-74ec-483f-9a6e-4fd3950d210f",
|
||
|
"network-traffic--59b2b54d-74ec-483f-9a6e-4fd3950d210f",
|
||
|
"ipv4-addr--59b2b54d-74ec-483f-9a6e-4fd3950d210f",
|
||
|
"indicator--59b2b54d-18c4-4798-adfa-7920950d210f",
|
||
|
"indicator--59b2b54d-45b8-4c4a-9611-7f0b950d210f",
|
||
|
"observed-data--59b2b54e-b308-45c2-9f16-4d51950d210f",
|
||
|
"network-traffic--59b2b54e-b308-45c2-9f16-4d51950d210f",
|
||
|
"ipv4-addr--59b2b54e-b308-45c2-9f16-4d51950d210f",
|
||
|
"indicator--59b2b54e-fd2c-45b3-adef-7dfc950d210f",
|
||
|
"indicator--59b2b54e-4950-4d22-bc21-43c7950d210f",
|
||
|
"observed-data--59b2b54e-53dc-48d2-ba4d-4e2a950d210f",
|
||
|
"network-traffic--59b2b54e-53dc-48d2-ba4d-4e2a950d210f",
|
||
|
"ipv4-addr--59b2b54e-53dc-48d2-ba4d-4e2a950d210f",
|
||
|
"indicator--59b2b54f-7800-43cc-a6aa-7f0b950d210f",
|
||
|
"indicator--59b2b54f-dfb4-421f-bea4-7e8e950d210f",
|
||
|
"indicator--59b2b54f-f778-4b6b-a179-7d59950d210f",
|
||
|
"indicator--59b2b54f-4638-4f7e-94c7-7959950d210f",
|
||
|
"indicator--59b2b550-5df0-401d-b6b2-7f0b950d210f",
|
||
|
"indicator--59b2b550-f260-4be6-9cf9-4ef6950d210f",
|
||
|
"observed-data--59b2b550-31d8-40e7-947e-4ecf950d210f",
|
||
|
"network-traffic--59b2b550-31d8-40e7-947e-4ecf950d210f",
|
||
|
"ipv4-addr--59b2b550-31d8-40e7-947e-4ecf950d210f",
|
||
|
"indicator--59b2b550-5054-4a81-bef5-4c87950d210f",
|
||
|
"indicator--59b2b551-6e74-4f61-89ed-7dfc950d210f",
|
||
|
"observed-data--59b2b551-fabc-4c25-b776-2df1950d210f",
|
||
|
"network-traffic--59b2b551-fabc-4c25-b776-2df1950d210f",
|
||
|
"ipv4-addr--59b2b551-fabc-4c25-b776-2df1950d210f",
|
||
|
"indicator--59b2b551-3d38-48ba-8cdf-4cc7950d210f",
|
||
|
"indicator--59b2b552-d788-4d25-b3b9-7f0b950d210f",
|
||
|
"observed-data--59b2b552-27e0-4f3a-8580-4567950d210f",
|
||
|
"network-traffic--59b2b552-27e0-4f3a-8580-4567950d210f",
|
||
|
"ipv4-addr--59b2b552-27e0-4f3a-8580-4567950d210f",
|
||
|
"observed-data--59b2b552-e02c-47e4-bf7c-484e950d210f",
|
||
|
"url--59b2b552-e02c-47e4-bf7c-484e950d210f",
|
||
|
"observed-data--59b2b552-cb78-494e-bae7-7dfc950d210f",
|
||
|
"network-traffic--59b2b552-cb78-494e-bae7-7dfc950d210f",
|
||
|
"ipv4-addr--59b2b552-cb78-494e-bae7-7dfc950d210f",
|
||
|
"observed-data--59b2b552-a710-4b60-8448-2df1950d210f",
|
||
|
"url--59b2b552-a710-4b60-8448-2df1950d210f",
|
||
|
"observed-data--59b2b553-94d4-4525-92d0-7920950d210f",
|
||
|
"network-traffic--59b2b553-94d4-4525-92d0-7920950d210f",
|
||
|
"ipv4-addr--59b2b553-94d4-4525-92d0-7920950d210f",
|
||
|
"indicator--59b2b553-979c-4aad-af67-471b950d210f",
|
||
|
"indicator--59b2b553-af28-473a-9f16-7e8e950d210f",
|
||
|
"indicator--59b2b554-8080-4087-ba4f-4352950d210f",
|
||
|
"indicator--59b2b554-9c80-4a9b-b6dd-7d59950d210f",
|
||
|
"indicator--59b2b554-8e68-4d50-896b-7920950d210f",
|
||
|
"indicator--59b2b554-383c-4129-bbae-47c9950d210f",
|
||
|
"indicator--59b2b555-9208-4090-aa42-4c8c950d210f",
|
||
|
"indicator--59b2b555-a528-4390-bc3f-44e6950d210f",
|
||
|
"indicator--59b2b555-a704-46ed-9114-7dfc950d210f",
|
||
|
"indicator--59b2b555-1ce8-4c59-8975-4b08950d210f",
|
||
|
"indicator--59b2b556-5cc8-4a4f-a625-40b5950d210f",
|
||
|
"indicator--59b2b556-6bd0-4606-8bd9-7959950d210f",
|
||
|
"indicator--59b2b556-c698-412d-849c-4695950d210f",
|
||
|
"indicator--59b2b556-42e8-4311-b97a-7e8e950d210f",
|
||
|
"observed-data--59b2b557-31a0-4134-aeb4-43f2950d210f",
|
||
|
"network-traffic--59b2b557-31a0-4134-aeb4-43f2950d210f",
|
||
|
"ipv4-addr--59b2b557-31a0-4134-aeb4-43f2950d210f",
|
||
|
"indicator--59b2b558-e6f0-4ce4-b8c0-7959950d210f",
|
||
|
"indicator--59b2b558-5258-4a0e-835c-40aa950d210f",
|
||
|
"indicator--59b2b558-837c-44da-b0f4-7e8e950d210f",
|
||
|
"indicator--59b2b558-9d5c-4329-8ed1-2df1950d210f",
|
||
|
"indicator--59b2b559-2d94-40bf-b079-489e950d210f",
|
||
|
"indicator--59b2b559-0a08-4124-92bf-4c6d950d210f",
|
||
|
"indicator--59b2b559-19fc-4312-8c08-7e8e950d210f",
|
||
|
"indicator--59b2b55a-61a4-456a-b506-7d59950d210f",
|
||
|
"indicator--59b2b55a-fd8c-4203-b330-7f0b950d210f",
|
||
|
"indicator--59b2b55a-33fc-4978-98f6-47c7950d210f",
|
||
|
"observed-data--59b2b55c-b790-4f53-89fc-4a9f950d210f",
|
||
|
"url--59b2b55c-b790-4f53-89fc-4a9f950d210f",
|
||
|
"observed-data--59b2b55c-ec54-4d1a-a710-7e8e950d210f",
|
||
|
"url--59b2b55c-ec54-4d1a-a710-7e8e950d210f",
|
||
|
"observed-data--59b2b55c-8930-4cca-af93-4ad3950d210f",
|
||
|
"url--59b2b55c-8930-4cca-af93-4ad3950d210f",
|
||
|
"observed-data--59b2b55d-a920-455c-98ab-7dfc950d210f",
|
||
|
"url--59b2b55d-a920-455c-98ab-7dfc950d210f",
|
||
|
"observed-data--59b2b55d-50dc-4850-aec1-4365950d210f",
|
||
|
"url--59b2b55d-50dc-4850-aec1-4365950d210f",
|
||
|
"observed-data--59b2b55d-5a78-4bb2-ab36-7e8e950d210f",
|
||
|
"url--59b2b55d-5a78-4bb2-ab36-7e8e950d210f",
|
||
|
"observed-data--59b2b55d-3a18-45c0-9e9a-7920950d210f",
|
||
|
"url--59b2b55d-3a18-45c0-9e9a-7920950d210f",
|
||
|
"observed-data--59b2b55e-1180-4b01-bff0-4664950d210f",
|
||
|
"url--59b2b55e-1180-4b01-bff0-4664950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"Threat-Report",
|
||
|
"misp:tool=\"MISP-STIX-Converter\"",
|
||
|
"ecsirt:malicious-code=\"ransomware\"",
|
||
|
"misp-galaxy:ransomware=\"Locky\""
|
||
|
],
|
||
|
"object_marking_refs": [
|
||
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b506-8dec-46af-9037-4ea4950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:34.000Z",
|
||
|
"modified": "2017-09-08T15:19:34.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '4dec8241eea439ac0413b1b8cca98a18']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:34Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b506-8ce0-44f8-ada7-7959950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:34.000Z",
|
||
|
"modified": "2017-09-08T15:19:34.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = 'e84f8462fe7c11f4441f15b003ad8966']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:34Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b507-ecbc-442f-b184-7f0b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:35.000Z",
|
||
|
"modified": "2017-09-08T15:19:35.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '63ed156f8d2efad83cb2d835c3575d16']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:35Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b507-b0e8-410d-a605-7dfc950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:35.000Z",
|
||
|
"modified": "2017-09-08T15:19:35.000Z",
|
||
|
"pattern": "[file:hashes.MD5 = '7210b3a262d96b514d07abfe8d601390']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:35Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"md5\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b507-0898-48fa-bb82-4034950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:35.000Z",
|
||
|
"modified": "2017-09-08T15:19:35.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = '39d986b3a62f4d1b2e43c8295a2a645187e08417b6c0d2d8b08a9f7e75343936']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:35Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b507-0884-4f01-afea-415c950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:35.000Z",
|
||
|
"modified": "2017-09-08T15:19:35.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = 'd3a1017f8e5d4ede0eeaa634b81f2d772a425898009ddf19ca73593a9b8700cb']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:35Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b508-6790-4bb9-90ca-44a1950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:36.000Z",
|
||
|
"modified": "2017-09-08T15:19:36.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = 'a2dd27957eba44eda1764b7426641072a0b310cf84d9e2ae2a78d78e5ff2c4ea']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b508-9c38-4b62-9e66-4ace950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:36.000Z",
|
||
|
"modified": "2017-09-08T15:19:36.000Z",
|
||
|
"pattern": "[file:hashes.SHA256 = '70e828a3b69e1416e6ef17bf1c4d6e15bd92d877f08e6c3e36e0d779c45ed2a0']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Artifacts dropped"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"sha256\"",
|
||
|
"misp:category=\"Artifacts dropped\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b508-d640-49ac-9eb3-48f5950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:36.000Z",
|
||
|
"modified": "2017-09-08T15:19:36.000Z",
|
||
|
"pattern": "[url:value = 'http://anloandy.co.uk/MS_INV_1046.7z']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b508-0100-44e0-9065-45b9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:36.000Z",
|
||
|
"modified": "2017-09-08T15:19:36.000Z",
|
||
|
"pattern": "[domain-name:value = 'anloandy.co.uk']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:36Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b509-ee00-4e01-9a41-4b6f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:37.000Z",
|
||
|
"modified": "2017-09-08T15:19:37.000Z",
|
||
|
"first_observed": "2017-09-08T15:19:37Z",
|
||
|
"last_observed": "2017-09-08T15:19:37Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b509-ee00-4e01-9a41-4b6f950d210f",
|
||
|
"ipv4-addr--59b2b509-ee00-4e01-9a41-4b6f950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b509-ee00-4e01-9a41-4b6f950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b509-ee00-4e01-9a41-4b6f950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b509-ee00-4e01-9a41-4b6f950d210f",
|
||
|
"value": "213.246.110.104"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b509-6a44-4eed-b138-2df1950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:37.000Z",
|
||
|
"modified": "2017-09-08T15:19:37.000Z",
|
||
|
"pattern": "[url:value = 'http://arkberg-design.fi/MS_INV_1046.7z']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:37Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b509-90c8-4627-8d2d-42b0950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:37.000Z",
|
||
|
"modified": "2017-09-08T15:19:37.000Z",
|
||
|
"pattern": "[domain-name:value = 'arkberg-design.fi']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:37Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b50a-7104-488b-a22e-42f7950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:38.000Z",
|
||
|
"modified": "2017-09-08T15:19:38.000Z",
|
||
|
"first_observed": "2017-09-08T15:19:38Z",
|
||
|
"last_observed": "2017-09-08T15:19:38Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b50a-7104-488b-a22e-42f7950d210f",
|
||
|
"ipv4-addr--59b2b50a-7104-488b-a22e-42f7950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b50a-7104-488b-a22e-42f7950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b50a-7104-488b-a22e-42f7950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b50a-7104-488b-a22e-42f7950d210f",
|
||
|
"value": "84.234.64.216"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b50a-95c8-4df2-badd-7920950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:38.000Z",
|
||
|
"modified": "2017-09-08T15:19:38.000Z",
|
||
|
"pattern": "[url:value = 'http://artesoba.be/MS_INV_1046.7z']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:38Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b50a-114c-436f-b7e2-7f0b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:38.000Z",
|
||
|
"modified": "2017-09-08T15:19:38.000Z",
|
||
|
"pattern": "[domain-name:value = 'artesoba.be']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:38Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b50a-0c68-4688-9b5a-48f5950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:38.000Z",
|
||
|
"modified": "2017-09-08T15:19:38.000Z",
|
||
|
"first_observed": "2017-09-08T15:19:38Z",
|
||
|
"last_observed": "2017-09-08T15:19:38Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b50a-0c68-4688-9b5a-48f5950d210f",
|
||
|
"ipv4-addr--59b2b50a-0c68-4688-9b5a-48f5950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b50a-0c68-4688-9b5a-48f5950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b50a-0c68-4688-9b5a-48f5950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b50a-0c68-4688-9b5a-48f5950d210f",
|
||
|
"value": "91.220.154.76"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b50a-3dbc-4ca6-b390-40a4950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:38.000Z",
|
||
|
"modified": "2017-09-08T15:19:38.000Z",
|
||
|
"pattern": "[url:value = 'http://brianwells.net/MS_INV_1046.7z']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:38Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b50b-e944-479e-964b-4733950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:39.000Z",
|
||
|
"modified": "2017-09-08T15:19:39.000Z",
|
||
|
"pattern": "[domain-name:value = 'brianwells.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:39Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b50b-0588-4c73-baf7-7e8e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:39.000Z",
|
||
|
"modified": "2017-09-08T15:19:39.000Z",
|
||
|
"first_observed": "2017-09-08T15:19:39Z",
|
||
|
"last_observed": "2017-09-08T15:19:39Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b50b-0588-4c73-baf7-7e8e950d210f",
|
||
|
"ipv4-addr--59b2b50b-0588-4c73-baf7-7e8e950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b50b-0588-4c73-baf7-7e8e950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b50b-0588-4c73-baf7-7e8e950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b50b-0588-4c73-baf7-7e8e950d210f",
|
||
|
"value": "66.199.174.108"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b50b-b624-43e3-aac8-4643950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:39.000Z",
|
||
|
"modified": "2017-09-08T15:19:39.000Z",
|
||
|
"pattern": "[url:value = 'http://carpenteriemcm.com/MS_INV_1046.7z']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:39Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b50c-6ba4-4fba-b69c-463d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:40.000Z",
|
||
|
"modified": "2017-09-08T15:19:40.000Z",
|
||
|
"pattern": "[domain-name:value = 'carpenteriemcm.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b50c-27d0-46fd-a541-4bec950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:40.000Z",
|
||
|
"modified": "2017-09-08T15:19:40.000Z",
|
||
|
"first_observed": "2017-09-08T15:19:40Z",
|
||
|
"last_observed": "2017-09-08T15:19:40Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b50c-27d0-46fd-a541-4bec950d210f",
|
||
|
"ipv4-addr--59b2b50c-27d0-46fd-a541-4bec950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b50c-27d0-46fd-a541-4bec950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b50c-27d0-46fd-a541-4bec950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b50c-27d0-46fd-a541-4bec950d210f",
|
||
|
"value": "89.96.90.14"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b50c-4ad4-474f-979e-7f0b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:40.000Z",
|
||
|
"modified": "2017-09-08T15:19:40.000Z",
|
||
|
"pattern": "[url:value = 'http://cer-torcy.com/MS_INV_1046.7z']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b50c-b9cc-489e-977c-7dfc950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:40.000Z",
|
||
|
"modified": "2017-09-08T15:19:40.000Z",
|
||
|
"pattern": "[domain-name:value = 'cer-torcy.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:40Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b50d-a5dc-4496-96aa-49db950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:41.000Z",
|
||
|
"modified": "2017-09-08T15:19:41.000Z",
|
||
|
"first_observed": "2017-09-08T15:19:41Z",
|
||
|
"last_observed": "2017-09-08T15:19:41Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b50d-a5dc-4496-96aa-49db950d210f",
|
||
|
"ipv4-addr--59b2b50d-a5dc-4496-96aa-49db950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b50d-a5dc-4496-96aa-49db950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b50d-a5dc-4496-96aa-49db950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b50d-a5dc-4496-96aa-49db950d210f",
|
||
|
"value": "193.227.248.241"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b50d-3294-40b7-a1c8-47e1950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:41.000Z",
|
||
|
"modified": "2017-09-08T15:19:41.000Z",
|
||
|
"pattern": "[url:value = 'http://chorleystud.com/MS_INV_1046.7z']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b50d-2a04-47ee-b671-7e8e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:41.000Z",
|
||
|
"modified": "2017-09-08T15:19:41.000Z",
|
||
|
"pattern": "[domain-name:value = 'chorleystud.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b50d-eb74-432f-9994-2df1950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:41.000Z",
|
||
|
"modified": "2017-09-08T15:19:41.000Z",
|
||
|
"first_observed": "2017-09-08T15:19:41Z",
|
||
|
"last_observed": "2017-09-08T15:19:41Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b50d-eb74-432f-9994-2df1950d210f",
|
||
|
"ipv4-addr--59b2b50d-eb74-432f-9994-2df1950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b50d-eb74-432f-9994-2df1950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b50d-eb74-432f-9994-2df1950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b50d-eb74-432f-9994-2df1950d210f",
|
||
|
"value": "87.106.145.218"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b50d-2b2c-4727-b2c6-42d1950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:41.000Z",
|
||
|
"modified": "2017-09-08T15:19:41.000Z",
|
||
|
"pattern": "[url:value = 'http://crda-addenmali.org/MS_INV_1046.7z']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b50e-2eb8-485b-9f22-4237950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:42.000Z",
|
||
|
"modified": "2017-09-08T15:19:42.000Z",
|
||
|
"pattern": "[domain-name:value = 'crda-addenmali.org']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:42Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b50e-f6a4-4805-bf37-7959950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:42.000Z",
|
||
|
"modified": "2017-09-08T15:19:42.000Z",
|
||
|
"first_observed": "2017-09-08T15:19:42Z",
|
||
|
"last_observed": "2017-09-08T15:19:42Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b50e-f6a4-4805-bf37-7959950d210f",
|
||
|
"ipv4-addr--59b2b50e-f6a4-4805-bf37-7959950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b50e-f6a4-4805-bf37-7959950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b50e-f6a4-4805-bf37-7959950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b50e-f6a4-4805-bf37-7959950d210f",
|
||
|
"value": "50.56.211.52"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b50e-026c-4c6f-8688-7f0b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:42.000Z",
|
||
|
"modified": "2017-09-08T15:19:42.000Z",
|
||
|
"pattern": "[url:value = 'http://downstairsonfirst.com/MS_INV_1046.7z']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:42Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b50e-2a2c-4e48-a3b8-7dfc950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:42.000Z",
|
||
|
"modified": "2017-09-08T15:19:42.000Z",
|
||
|
"pattern": "[domain-name:value = 'downstairsonfirst.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:42Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b50f-7484-4fc1-8ea3-411d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:43.000Z",
|
||
|
"modified": "2017-09-08T15:19:43.000Z",
|
||
|
"first_observed": "2017-09-08T15:19:43Z",
|
||
|
"last_observed": "2017-09-08T15:19:43Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b50f-7484-4fc1-8ea3-411d950d210f",
|
||
|
"ipv4-addr--59b2b50f-7484-4fc1-8ea3-411d950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b50f-7484-4fc1-8ea3-411d950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b50f-7484-4fc1-8ea3-411d950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b50f-7484-4fc1-8ea3-411d950d210f",
|
||
|
"value": "65.182.175.15"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b50f-fa00-4078-821a-4e2a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:43.000Z",
|
||
|
"modified": "2017-09-08T15:19:43.000Z",
|
||
|
"pattern": "[url:value = 'http://egdevcenter.com/MS_INV_1046.7z']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:43Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b50f-3db4-48b3-8ee1-7e8e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:43.000Z",
|
||
|
"modified": "2017-09-08T15:19:43.000Z",
|
||
|
"pattern": "[domain-name:value = 'egdevcenter.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:43Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b510-091c-4316-94db-4fae950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:44.000Z",
|
||
|
"modified": "2017-09-08T15:19:44.000Z",
|
||
|
"first_observed": "2017-09-08T15:19:44Z",
|
||
|
"last_observed": "2017-09-08T15:19:44Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b510-091c-4316-94db-4fae950d210f",
|
||
|
"ipv4-addr--59b2b510-091c-4316-94db-4fae950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b510-091c-4316-94db-4fae950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b510-091c-4316-94db-4fae950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b510-091c-4316-94db-4fae950d210f",
|
||
|
"value": "37.48.73.139"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b510-6324-4e62-ba77-47bc950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:44.000Z",
|
||
|
"modified": "2017-09-08T15:19:44.000Z",
|
||
|
"pattern": "[url:value = 'http://emailrinkodara.lt/MS_INV_1046.7z']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:44Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b510-66cc-4f3d-9799-46f5950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:44.000Z",
|
||
|
"modified": "2017-09-08T15:19:44.000Z",
|
||
|
"pattern": "[domain-name:value = 'emailrinkodara.lt']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:44Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b511-508c-435c-a5d8-7920950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:45.000Z",
|
||
|
"modified": "2017-09-08T15:19:45.000Z",
|
||
|
"first_observed": "2017-09-08T15:19:45Z",
|
||
|
"last_observed": "2017-09-08T15:19:45Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b511-508c-435c-a5d8-7920950d210f",
|
||
|
"ipv4-addr--59b2b511-508c-435c-a5d8-7920950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b511-508c-435c-a5d8-7920950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b511-508c-435c-a5d8-7920950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b511-508c-435c-a5d8-7920950d210f",
|
||
|
"value": "92.61.33.115"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b511-f7dc-4054-9e0e-4c4b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:45.000Z",
|
||
|
"modified": "2017-09-08T15:19:45.000Z",
|
||
|
"pattern": "[url:value = 'http://embutidosanezcar.com/MS_INV_1046.7z']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b511-e584-42da-b6af-44c7950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:45.000Z",
|
||
|
"modified": "2017-09-08T15:19:45.000Z",
|
||
|
"pattern": "[domain-name:value = 'embutidosanezcar.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b511-0a5c-4622-9024-456f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:45.000Z",
|
||
|
"modified": "2017-09-08T15:19:45.000Z",
|
||
|
"first_observed": "2017-09-08T15:19:45Z",
|
||
|
"last_observed": "2017-09-08T15:19:45Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b511-0a5c-4622-9024-456f950d210f",
|
||
|
"ipv4-addr--59b2b511-0a5c-4622-9024-456f950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b511-0a5c-4622-9024-456f950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b511-0a5c-4622-9024-456f950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b511-0a5c-4622-9024-456f950d210f",
|
||
|
"value": "5.2.88.79"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b511-da58-4c65-9ff8-7d59950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:45.000Z",
|
||
|
"modified": "2017-09-08T15:19:45.000Z",
|
||
|
"pattern": "[url:value = 'http://holmac.co.nz/MS_INV_1046.7z']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b512-5798-4a2b-a93c-7e8e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:46.000Z",
|
||
|
"modified": "2017-09-08T15:19:46.000Z",
|
||
|
"pattern": "[domain-name:value = 'holmac.co.nz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:46Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b512-d0d4-4db2-a401-7959950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:46.000Z",
|
||
|
"modified": "2017-09-08T15:19:46.000Z",
|
||
|
"first_observed": "2017-09-08T15:19:46Z",
|
||
|
"last_observed": "2017-09-08T15:19:46Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b512-d0d4-4db2-a401-7959950d210f",
|
||
|
"ipv4-addr--59b2b512-d0d4-4db2-a401-7959950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b512-d0d4-4db2-a401-7959950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b512-d0d4-4db2-a401-7959950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b512-d0d4-4db2-a401-7959950d210f",
|
||
|
"value": "120.136.0.3"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b512-7dcc-4714-8d40-492a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:46.000Z",
|
||
|
"modified": "2017-09-08T15:19:46.000Z",
|
||
|
"pattern": "[url:value = 'http://intelicalls.com/MS_INV_1046.7z']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:46Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b513-227c-470e-a522-7920950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:47.000Z",
|
||
|
"modified": "2017-09-08T15:19:47.000Z",
|
||
|
"pattern": "[domain-name:value = 'intelicalls.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:47Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b513-7e44-427b-8b4a-7dfc950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:47.000Z",
|
||
|
"modified": "2017-09-08T15:19:47.000Z",
|
||
|
"first_observed": "2017-09-08T15:19:47Z",
|
||
|
"last_observed": "2017-09-08T15:19:47Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b513-7e44-427b-8b4a-7dfc950d210f",
|
||
|
"ipv4-addr--59b2b513-7e44-427b-8b4a-7dfc950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b513-7e44-427b-8b4a-7dfc950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b513-7e44-427b-8b4a-7dfc950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b513-7e44-427b-8b4a-7dfc950d210f",
|
||
|
"value": "71.6.218.221"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b513-fa60-4260-81bb-4d6d950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:47.000Z",
|
||
|
"modified": "2017-09-08T15:19:47.000Z",
|
||
|
"pattern": "[url:value = 'http://jtpsolutions.com.au/MS_INV_1046.7z']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:47Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b513-a794-4f29-8fca-47b7950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:47.000Z",
|
||
|
"modified": "2017-09-08T15:19:47.000Z",
|
||
|
"pattern": "[domain-name:value = 'jtpsolutions.com.au']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:47Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b514-cd14-4820-a4d8-4dd9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:48.000Z",
|
||
|
"modified": "2017-09-08T15:19:48.000Z",
|
||
|
"first_observed": "2017-09-08T15:19:48Z",
|
||
|
"last_observed": "2017-09-08T15:19:48Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b514-cd14-4820-a4d8-4dd9950d210f",
|
||
|
"ipv4-addr--59b2b514-cd14-4820-a4d8-4dd9950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b514-cd14-4820-a4d8-4dd9950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b514-cd14-4820-a4d8-4dd9950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b514-cd14-4820-a4d8-4dd9950d210f",
|
||
|
"value": "113.20.5.153"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b514-811c-45c9-93f0-4ae0950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:48.000Z",
|
||
|
"modified": "2017-09-08T15:19:48.000Z",
|
||
|
"pattern": "[url:value = 'http://labkonstrukt.com/MS_INV_1046.7z']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b514-31d4-434e-915d-7959950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:48.000Z",
|
||
|
"modified": "2017-09-08T15:19:48.000Z",
|
||
|
"pattern": "[domain-name:value = 'labkonstrukt.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b514-40a8-46d4-83ef-7f0b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:48.000Z",
|
||
|
"modified": "2017-09-08T15:19:48.000Z",
|
||
|
"first_observed": "2017-09-08T15:19:48Z",
|
||
|
"last_observed": "2017-09-08T15:19:48Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b514-40a8-46d4-83ef-7f0b950d210f",
|
||
|
"ipv4-addr--59b2b514-40a8-46d4-83ef-7f0b950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b514-40a8-46d4-83ef-7f0b950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b514-40a8-46d4-83ef-7f0b950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b514-40a8-46d4-83ef-7f0b950d210f",
|
||
|
"value": "216.151.169.7"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b515-cb90-460f-ab30-2df1950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:49.000Z",
|
||
|
"modified": "2017-09-08T15:19:49.000Z",
|
||
|
"pattern": "[url:value = 'http://lgmartinmd.com/MS_INV_1046.7z']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b515-86a8-4e57-9f34-46fc950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:49.000Z",
|
||
|
"modified": "2017-09-08T15:19:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'lgmartinmd.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b515-c52c-4ad3-814d-4453950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:49.000Z",
|
||
|
"modified": "2017-09-08T15:19:49.000Z",
|
||
|
"first_observed": "2017-09-08T15:19:49Z",
|
||
|
"last_observed": "2017-09-08T15:19:49Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b515-c52c-4ad3-814d-4453950d210f",
|
||
|
"ipv4-addr--59b2b515-c52c-4ad3-814d-4453950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b515-c52c-4ad3-814d-4453950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b515-c52c-4ad3-814d-4453950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b515-c52c-4ad3-814d-4453950d210f",
|
||
|
"value": "66.135.49.29"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b515-4fcc-4559-9faa-41de950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:49.000Z",
|
||
|
"modified": "2017-09-08T15:19:49.000Z",
|
||
|
"pattern": "[url:value = 'http://melospub.hu/MS_INV_1046.7z']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b515-c130-4dfa-a5c5-7d59950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:49.000Z",
|
||
|
"modified": "2017-09-08T15:19:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'melospub.hu']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b516-827c-493f-ac3b-7959950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:50.000Z",
|
||
|
"modified": "2017-09-08T15:19:50.000Z",
|
||
|
"first_observed": "2017-09-08T15:19:50Z",
|
||
|
"last_observed": "2017-09-08T15:19:50Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b516-827c-493f-ac3b-7959950d210f",
|
||
|
"ipv4-addr--59b2b516-827c-493f-ac3b-7959950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b516-827c-493f-ac3b-7959950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b516-827c-493f-ac3b-7959950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b516-827c-493f-ac3b-7959950d210f",
|
||
|
"value": "91.83.93.84"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b516-71d4-49d6-b950-2df1950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:50.000Z",
|
||
|
"modified": "2017-09-08T15:19:50.000Z",
|
||
|
"pattern": "[url:value = 'http://mercaropa.es/MS_INV_1046.7z']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b516-8830-4b6d-b3a9-7dfc950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:50.000Z",
|
||
|
"modified": "2017-09-08T15:19:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'mercaropa.es']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b516-2114-4b4d-9d4b-4a5f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:50.000Z",
|
||
|
"modified": "2017-09-08T15:19:50.000Z",
|
||
|
"first_observed": "2017-09-08T15:19:50Z",
|
||
|
"last_observed": "2017-09-08T15:19:50Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b516-2114-4b4d-9d4b-4a5f950d210f",
|
||
|
"ipv4-addr--59b2b516-2114-4b4d-9d4b-4a5f950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b516-2114-4b4d-9d4b-4a5f950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b516-2114-4b4d-9d4b-4a5f950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b516-2114-4b4d-9d4b-4a5f950d210f",
|
||
|
"value": "185.18.197.109"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b516-a5ec-45ca-b6dc-4cfa950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:50.000Z",
|
||
|
"modified": "2017-09-08T15:19:50.000Z",
|
||
|
"pattern": "[url:value = 'http://mobimento.com/MS_INV_1046.7z']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b517-0e50-4cde-88c8-45f5950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:51.000Z",
|
||
|
"modified": "2017-09-08T15:19:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'mobimento.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b517-b26c-4022-b467-7959950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:51.000Z",
|
||
|
"modified": "2017-09-08T15:19:51.000Z",
|
||
|
"first_observed": "2017-09-08T15:19:51Z",
|
||
|
"last_observed": "2017-09-08T15:19:51Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b517-b26c-4022-b467-7959950d210f",
|
||
|
"ipv4-addr--59b2b517-b26c-4022-b467-7959950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b517-b26c-4022-b467-7959950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b517-b26c-4022-b467-7959950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b517-b26c-4022-b467-7959950d210f",
|
||
|
"value": "84.246.211.55"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b517-8ce8-49ba-8914-457f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:51.000Z",
|
||
|
"modified": "2017-09-08T15:19:51.000Z",
|
||
|
"pattern": "[url:value = 'http://mybarracuda.ca/MS_INV_1046.7z']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b517-7b24-45a1-9515-7dfc950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:51.000Z",
|
||
|
"modified": "2017-09-08T15:19:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'mybarracuda.ca']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b518-6570-4c47-8a08-405c950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:52.000Z",
|
||
|
"modified": "2017-09-08T15:19:52.000Z",
|
||
|
"first_observed": "2017-09-08T15:19:52Z",
|
||
|
"last_observed": "2017-09-08T15:19:52Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b518-6570-4c47-8a08-405c950d210f",
|
||
|
"ipv4-addr--59b2b518-6570-4c47-8a08-405c950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b518-6570-4c47-8a08-405c950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b518-6570-4c47-8a08-405c950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b518-6570-4c47-8a08-405c950d210f",
|
||
|
"value": "208.92.134.170"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b518-6b74-4077-8064-41bf950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:52.000Z",
|
||
|
"modified": "2017-09-08T15:19:52.000Z",
|
||
|
"pattern": "[url:value = 'http://pacalik.net/MS_INV_1046.7z']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b518-59b8-48b0-8a70-48c7950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:52.000Z",
|
||
|
"modified": "2017-09-08T15:19:52.000Z",
|
||
|
"pattern": "[domain-name:value = 'pacalik.net']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b519-3b68-4534-8aa3-402b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:53.000Z",
|
||
|
"modified": "2017-09-08T15:19:53.000Z",
|
||
|
"first_observed": "2017-09-08T15:19:53Z",
|
||
|
"last_observed": "2017-09-08T15:19:53Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b519-3b68-4534-8aa3-402b950d210f",
|
||
|
"ipv4-addr--59b2b519-3b68-4534-8aa3-402b950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b519-3b68-4534-8aa3-402b950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b519-3b68-4534-8aa3-402b950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b519-3b68-4534-8aa3-402b950d210f",
|
||
|
"value": "93.187.200.105"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b519-0818-4bef-98ec-4fa4950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:53.000Z",
|
||
|
"modified": "2017-09-08T15:19:53.000Z",
|
||
|
"pattern": "[url:value = 'http://pahema.es/MS_INV_1046.7z']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:53Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b519-1ff4-4067-984e-2df1950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:53.000Z",
|
||
|
"modified": "2017-09-08T15:19:53.000Z",
|
||
|
"pattern": "[domain-name:value = 'pahema.es']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:53Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b519-e2e8-44c5-987d-7f0b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:53.000Z",
|
||
|
"modified": "2017-09-08T15:19:53.000Z",
|
||
|
"first_observed": "2017-09-08T15:19:53Z",
|
||
|
"last_observed": "2017-09-08T15:19:53Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b519-e2e8-44c5-987d-7f0b950d210f",
|
||
|
"ipv4-addr--59b2b519-e2e8-44c5-987d-7f0b950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b519-e2e8-44c5-987d-7f0b950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b519-e2e8-44c5-987d-7f0b950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b519-e2e8-44c5-987d-7f0b950d210f",
|
||
|
"value": "94.127.190.141"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b519-2e68-42b0-8a2a-4c18950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:53.000Z",
|
||
|
"modified": "2017-09-08T15:19:53.000Z",
|
||
|
"pattern": "[url:value = 'http://peopleiknow.org/MS_INV_1046.7z']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:53Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b51a-f3b4-40be-82f9-40bc950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:54.000Z",
|
||
|
"modified": "2017-09-08T15:19:54.000Z",
|
||
|
"pattern": "[domain-name:value = 'peopleiknow.org']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:54Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b51a-0168-46e2-970c-7d59950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:54.000Z",
|
||
|
"modified": "2017-09-08T15:19:54.000Z",
|
||
|
"first_observed": "2017-09-08T15:19:54Z",
|
||
|
"last_observed": "2017-09-08T15:19:54Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b51a-0168-46e2-970c-7d59950d210f",
|
||
|
"ipv4-addr--59b2b51a-0168-46e2-970c-7d59950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b51a-0168-46e2-970c-7d59950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b51a-0168-46e2-970c-7d59950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b51a-0168-46e2-970c-7d59950d210f",
|
||
|
"value": "67.210.102.240"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b51a-b4ac-48ee-b52d-7959950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:54.000Z",
|
||
|
"modified": "2017-09-08T15:19:54.000Z",
|
||
|
"pattern": "[url:value = 'http://pesonamas.co.id/MS_INV_1046.7z']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:54Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b51a-ea10-4f0f-a223-42f7950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:54.000Z",
|
||
|
"modified": "2017-09-08T15:19:54.000Z",
|
||
|
"pattern": "[domain-name:value = 'pesonamas.co.id']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:54Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b51b-2430-4c7d-a392-7f0b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:55.000Z",
|
||
|
"modified": "2017-09-08T15:19:55.000Z",
|
||
|
"first_observed": "2017-09-08T15:19:55Z",
|
||
|
"last_observed": "2017-09-08T15:19:55Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b51b-2430-4c7d-a392-7f0b950d210f",
|
||
|
"ipv4-addr--59b2b51b-2430-4c7d-a392-7f0b950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b51b-2430-4c7d-a392-7f0b950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b51b-2430-4c7d-a392-7f0b950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b51b-2430-4c7d-a392-7f0b950d210f",
|
||
|
"value": "202.169.44.149"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b51b-5840-4ba0-8b5d-427e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:55.000Z",
|
||
|
"modified": "2017-09-08T15:19:55.000Z",
|
||
|
"pattern": "[url:value = 'http://playitmore.com/MS_INV_1046.7z']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:55Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b51c-ac40-4ba6-90c5-4163950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:56.000Z",
|
||
|
"modified": "2017-09-08T15:19:56.000Z",
|
||
|
"pattern": "[domain-name:value = 'playitmore.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:56Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b51c-2ca0-4e74-95b0-7d59950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:56.000Z",
|
||
|
"modified": "2017-09-08T15:19:56.000Z",
|
||
|
"first_observed": "2017-09-08T15:19:56Z",
|
||
|
"last_observed": "2017-09-08T15:19:56Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b51c-2ca0-4e74-95b0-7d59950d210f",
|
||
|
"ipv4-addr--59b2b51c-2ca0-4e74-95b0-7d59950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b51c-2ca0-4e74-95b0-7d59950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b51c-2ca0-4e74-95b0-7d59950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b51c-2ca0-4e74-95b0-7d59950d210f",
|
||
|
"value": "66.36.166.78"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b51c-98d4-4c9c-8a05-7920950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:56.000Z",
|
||
|
"modified": "2017-09-08T15:19:56.000Z",
|
||
|
"pattern": "[url:value = 'http://pmpimmobiliare.it/MS_INV_1046.7z']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:56Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b51c-6204-4ec1-8402-4383950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:56.000Z",
|
||
|
"modified": "2017-09-08T15:19:56.000Z",
|
||
|
"pattern": "[domain-name:value = 'pmpimmobiliare.it']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:56Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b51d-3908-43b7-a667-2df1950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:57.000Z",
|
||
|
"modified": "2017-09-08T15:19:57.000Z",
|
||
|
"first_observed": "2017-09-08T15:19:57Z",
|
||
|
"last_observed": "2017-09-08T15:19:57Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b51d-3908-43b7-a667-2df1950d210f",
|
||
|
"ipv4-addr--59b2b51d-3908-43b7-a667-2df1950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b51d-3908-43b7-a667-2df1950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b51d-3908-43b7-a667-2df1950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b51d-3908-43b7-a667-2df1950d210f",
|
||
|
"value": "95.110.231.145"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b51d-87bc-4e87-ba8f-7f0b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:57.000Z",
|
||
|
"modified": "2017-09-08T15:19:57.000Z",
|
||
|
"pattern": "[url:value = 'http://promotamail.co.uk/MS_INV_1046.7z']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b51d-260c-4dd0-b7cf-4004950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:57.000Z",
|
||
|
"modified": "2017-09-08T15:19:57.000Z",
|
||
|
"pattern": "[domain-name:value = 'promotamail.co.uk']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b51d-7e08-467c-9c98-4755950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:57.000Z",
|
||
|
"modified": "2017-09-08T15:19:57.000Z",
|
||
|
"first_observed": "2017-09-08T15:19:57Z",
|
||
|
"last_observed": "2017-09-08T15:19:57Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b51d-7e08-467c-9c98-4755950d210f",
|
||
|
"ipv4-addr--59b2b51d-7e08-467c-9c98-4755950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b51d-7e08-467c-9c98-4755950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b51d-7e08-467c-9c98-4755950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b51d-7e08-467c-9c98-4755950d210f",
|
||
|
"value": "87.106.55.148"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b51d-50a0-4d55-9036-4f41950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:57.000Z",
|
||
|
"modified": "2017-09-08T15:19:57.000Z",
|
||
|
"pattern": "[url:value = 'http://queerfilms.eu/MS_INV_1046.7z']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:57Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b51e-0798-4a34-af5e-4ee5950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:58.000Z",
|
||
|
"modified": "2017-09-08T15:19:58.000Z",
|
||
|
"pattern": "[domain-name:value = 'queerfilms.eu']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:58Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b51e-8a88-4827-be9a-42af950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:58.000Z",
|
||
|
"modified": "2017-09-08T15:19:58.000Z",
|
||
|
"first_observed": "2017-09-08T15:19:58Z",
|
||
|
"last_observed": "2017-09-08T15:19:58Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b51e-8a88-4827-be9a-42af950d210f",
|
||
|
"ipv4-addr--59b2b51e-8a88-4827-be9a-42af950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b51e-8a88-4827-be9a-42af950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b51e-8a88-4827-be9a-42af950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b51e-8a88-4827-be9a-42af950d210f",
|
||
|
"value": "87.106.214.208"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b51e-2ef8-4839-8d84-7f0b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:58.000Z",
|
||
|
"modified": "2017-09-08T15:19:58.000Z",
|
||
|
"pattern": "[url:value = 'http://roadsendretreat.org/MS_INV_1046.7z']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:58Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b51f-4d7c-42b1-9dbe-413a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:59.000Z",
|
||
|
"modified": "2017-09-08T15:19:59.000Z",
|
||
|
"pattern": "[domain-name:value = 'roadsendretreat.org']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b51f-2ee8-4de1-ad57-427b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:59.000Z",
|
||
|
"modified": "2017-09-08T15:19:59.000Z",
|
||
|
"first_observed": "2017-09-08T15:19:59Z",
|
||
|
"last_observed": "2017-09-08T15:19:59Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b51f-2ee8-4de1-ad57-427b950d210f",
|
||
|
"ipv4-addr--59b2b51f-2ee8-4de1-ad57-427b950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b51f-2ee8-4de1-ad57-427b950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b51f-2ee8-4de1-ad57-427b950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b51f-2ee8-4de1-ad57-427b950d210f",
|
||
|
"value": "64.6.227.107"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b51f-5a30-4f43-990f-406f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:59.000Z",
|
||
|
"modified": "2017-09-08T15:19:59.000Z",
|
||
|
"pattern": "[url:value = 'http://robbie.ggc-bremen.de/MS_INV_1046.7z']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b51f-f1a0-4f3d-beb9-41ce950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:59.000Z",
|
||
|
"modified": "2017-09-08T15:19:59.000Z",
|
||
|
"pattern": "[domain-name:value = 'robbie.ggc-bremen.de']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:19:59Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b51f-71bc-4f66-ae79-7920950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:19:59.000Z",
|
||
|
"modified": "2017-09-08T15:19:59.000Z",
|
||
|
"first_observed": "2017-09-08T15:19:59Z",
|
||
|
"last_observed": "2017-09-08T15:19:59Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b51f-71bc-4f66-ae79-7920950d210f",
|
||
|
"ipv4-addr--59b2b51f-71bc-4f66-ae79-7920950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b51f-71bc-4f66-ae79-7920950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b51f-71bc-4f66-ae79-7920950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b51f-71bc-4f66-ae79-7920950d210f",
|
||
|
"value": "217.160.7.189"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b520-f6b4-420e-8109-4b10950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:00.000Z",
|
||
|
"modified": "2017-09-08T15:20:00.000Z",
|
||
|
"pattern": "[url:value = 'http://robsacks.com/MS_INV_1046.7z']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b520-6654-4895-b5c0-7959950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:00.000Z",
|
||
|
"modified": "2017-09-08T15:20:00.000Z",
|
||
|
"pattern": "[domain-name:value = 'robsacks.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b520-bdcc-43ce-8124-2df1950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:00.000Z",
|
||
|
"modified": "2017-09-08T15:20:00.000Z",
|
||
|
"first_observed": "2017-09-08T15:20:00Z",
|
||
|
"last_observed": "2017-09-08T15:20:00Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b520-bdcc-43ce-8124-2df1950d210f",
|
||
|
"ipv4-addr--59b2b520-bdcc-43ce-8124-2df1950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b520-bdcc-43ce-8124-2df1950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b520-bdcc-43ce-8124-2df1950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b520-bdcc-43ce-8124-2df1950d210f",
|
||
|
"value": "184.168.92.220"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b520-497c-4cc5-a198-7f0b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:00.000Z",
|
||
|
"modified": "2017-09-08T15:20:00.000Z",
|
||
|
"pattern": "[url:value = 'http://sambad.com.np/MS_INV_1046.7z']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b520-f0a8-4866-b292-4e96950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:00.000Z",
|
||
|
"modified": "2017-09-08T15:20:00.000Z",
|
||
|
"pattern": "[domain-name:value = 'sambad.com.np']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:00Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b521-de84-4a10-9683-4dbd950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:01.000Z",
|
||
|
"modified": "2017-09-08T15:20:01.000Z",
|
||
|
"first_observed": "2017-09-08T15:20:01Z",
|
||
|
"last_observed": "2017-09-08T15:20:01Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b521-de84-4a10-9683-4dbd950d210f",
|
||
|
"ipv4-addr--59b2b521-de84-4a10-9683-4dbd950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b521-de84-4a10-9683-4dbd950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b521-de84-4a10-9683-4dbd950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b521-de84-4a10-9683-4dbd950d210f",
|
||
|
"value": "74.200.89.84"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b521-8ab0-47f0-a255-7dfc950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:01.000Z",
|
||
|
"modified": "2017-09-08T15:20:01.000Z",
|
||
|
"pattern": "[url:value = 'http://sargut.biz/MS_INV_1046.7z']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:01Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b521-f20c-4a9e-90ca-44f9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:01.000Z",
|
||
|
"modified": "2017-09-08T15:20:01.000Z",
|
||
|
"pattern": "[domain-name:value = 'sargut.biz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:01Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b522-4e4c-4370-99f7-7d59950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:02.000Z",
|
||
|
"modified": "2017-09-08T15:20:02.000Z",
|
||
|
"first_observed": "2017-09-08T15:20:02Z",
|
||
|
"last_observed": "2017-09-08T15:20:02Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b522-4e4c-4370-99f7-7d59950d210f",
|
||
|
"ipv4-addr--59b2b522-4e4c-4370-99f7-7d59950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b522-4e4c-4370-99f7-7d59950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b522-4e4c-4370-99f7-7d59950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b522-4e4c-4370-99f7-7d59950d210f",
|
||
|
"value": "109.232.216.209"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b522-87c4-4449-8a6c-7920950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:02.000Z",
|
||
|
"modified": "2017-09-08T15:20:02.000Z",
|
||
|
"pattern": "[url:value = 'http://schultedesign.de/MS_INV_1046.7z']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b522-d42c-4f9a-9c4c-4e7a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:02.000Z",
|
||
|
"modified": "2017-09-08T15:20:02.000Z",
|
||
|
"pattern": "[domain-name:value = 'schultedesign.de']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:02Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b522-7360-4282-b3b4-7959950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:02.000Z",
|
||
|
"modified": "2017-09-08T15:20:02.000Z",
|
||
|
"first_observed": "2017-09-08T15:20:02Z",
|
||
|
"last_observed": "2017-09-08T15:20:02Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b522-7360-4282-b3b4-7959950d210f",
|
||
|
"ipv4-addr--59b2b522-7360-4282-b3b4-7959950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b522-7360-4282-b3b4-7959950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b522-7360-4282-b3b4-7959950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b522-7360-4282-b3b4-7959950d210f",
|
||
|
"value": "87.106.27.99"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b523-25a8-4976-911e-7f0b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:03.000Z",
|
||
|
"modified": "2017-09-08T15:20:03.000Z",
|
||
|
"pattern": "[url:value = 'http://schwellenwertdaten.de/MS_INV_1046.7z']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:03Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b523-3cc4-4f56-a058-4735950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:03.000Z",
|
||
|
"modified": "2017-09-08T15:20:03.000Z",
|
||
|
"pattern": "[domain-name:value = 'schwellenwertdaten.de']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:03Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b523-3a90-475f-8e97-418b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:03.000Z",
|
||
|
"modified": "2017-09-08T15:20:03.000Z",
|
||
|
"first_observed": "2017-09-08T15:20:03Z",
|
||
|
"last_observed": "2017-09-08T15:20:03Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b523-3a90-475f-8e97-418b950d210f",
|
||
|
"ipv4-addr--59b2b523-3a90-475f-8e97-418b950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b523-3a90-475f-8e97-418b950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b523-3a90-475f-8e97-418b950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b523-3a90-475f-8e97-418b950d210f",
|
||
|
"value": "178.77.75.77"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b523-cc40-43db-aa6a-4c1e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:03.000Z",
|
||
|
"modified": "2017-09-08T15:20:03.000Z",
|
||
|
"pattern": "[url:value = 'http://shamanic-extracts.biz/MS_INV_1046.7z']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:03Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b523-fbf0-412f-9362-4708950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:03.000Z",
|
||
|
"modified": "2017-09-08T15:20:03.000Z",
|
||
|
"pattern": "[domain-name:value = 'shamanic-extracts.biz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:03Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b524-e9b0-4d28-b8d9-7d59950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:04.000Z",
|
||
|
"modified": "2017-09-08T15:20:04.000Z",
|
||
|
"first_observed": "2017-09-08T15:20:04Z",
|
||
|
"last_observed": "2017-09-08T15:20:04Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b524-e9b0-4d28-b8d9-7d59950d210f",
|
||
|
"ipv4-addr--59b2b524-e9b0-4d28-b8d9-7d59950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b524-e9b0-4d28-b8d9-7d59950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b524-e9b0-4d28-b8d9-7d59950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b524-e9b0-4d28-b8d9-7d59950d210f",
|
||
|
"value": "62.212.154.98"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b524-f2dc-4b70-813e-4b4b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:04.000Z",
|
||
|
"modified": "2017-09-08T15:20:04.000Z",
|
||
|
"pattern": "[url:value = 'http://socalconsumerlawyers.com/MS_INV_1046.7z']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b524-af80-422c-98aa-7920950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:04.000Z",
|
||
|
"modified": "2017-09-08T15:20:04.000Z",
|
||
|
"pattern": "[domain-name:value = 'socalconsumerlawyers.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:04Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b525-b210-41d3-ba3b-7959950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:05.000Z",
|
||
|
"modified": "2017-09-08T15:20:05.000Z",
|
||
|
"first_observed": "2017-09-08T15:20:05Z",
|
||
|
"last_observed": "2017-09-08T15:20:05Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b525-b210-41d3-ba3b-7959950d210f",
|
||
|
"ipv4-addr--59b2b525-b210-41d3-ba3b-7959950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b525-b210-41d3-ba3b-7959950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b525-b210-41d3-ba3b-7959950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b525-b210-41d3-ba3b-7959950d210f",
|
||
|
"value": "69.65.45.67"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b525-3e80-40b4-9a22-7f0b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:05.000Z",
|
||
|
"modified": "2017-09-08T15:20:05.000Z",
|
||
|
"pattern": "[url:value = 'http://sonucbirebiregitim.com/MS_INV_1046.7z']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:05Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b525-8358-48d5-a160-44d7950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:05.000Z",
|
||
|
"modified": "2017-09-08T15:20:05.000Z",
|
||
|
"pattern": "[domain-name:value = 'sonucbirebiregitim.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:05Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b525-eae8-4263-9db2-467f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:05.000Z",
|
||
|
"modified": "2017-09-08T15:20:05.000Z",
|
||
|
"first_observed": "2017-09-08T15:20:05Z",
|
||
|
"last_observed": "2017-09-08T15:20:05Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b525-eae8-4263-9db2-467f950d210f",
|
||
|
"ipv4-addr--59b2b525-eae8-4263-9db2-467f950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b525-eae8-4263-9db2-467f950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b525-eae8-4263-9db2-467f950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b525-eae8-4263-9db2-467f950d210f",
|
||
|
"value": "31.210.94.35"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b525-9790-4ab2-b73b-7dfc950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:05.000Z",
|
||
|
"modified": "2017-09-08T15:20:05.000Z",
|
||
|
"pattern": "[url:value = 'http://tbba.co.uk/MS_INV_1046.7z']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:05Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b525-2120-42c9-8aa4-7d59950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:05.000Z",
|
||
|
"modified": "2017-09-08T15:20:05.000Z",
|
||
|
"pattern": "[domain-name:value = 'tbba.co.uk']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:05Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b526-4b80-4a21-a39f-7959950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:06.000Z",
|
||
|
"modified": "2017-09-08T15:20:06.000Z",
|
||
|
"pattern": "[url:value = 'http://aac-autoecole.com/3936jkgHGdcm']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b526-839c-4a1c-add1-4615950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:06.000Z",
|
||
|
"modified": "2017-09-08T15:20:06.000Z",
|
||
|
"pattern": "[domain-name:value = 'aac-autoecole.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:06Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b527-300c-4df2-9a60-7e8e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:07.000Z",
|
||
|
"modified": "2017-09-08T15:20:07.000Z",
|
||
|
"pattern": "[url:value = 'http://activ-conduite.eu/3936jkgHGdcm']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b527-d208-49fb-a545-7dfc950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:07.000Z",
|
||
|
"modified": "2017-09-08T15:20:07.000Z",
|
||
|
"pattern": "[domain-name:value = 'activ-conduite.eu']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b527-1924-4ff9-ac86-7920950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:07.000Z",
|
||
|
"modified": "2017-09-08T15:20:07.000Z",
|
||
|
"pattern": "[url:value = 'http://autoecolecarnot.com/3936jkgHGdcm']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b527-68bc-467d-a2e1-7959950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:07.000Z",
|
||
|
"modified": "2017-09-08T15:20:07.000Z",
|
||
|
"pattern": "[domain-name:value = 'autoecolecarnot.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:07Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b528-f8e0-4492-aacd-2df1950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:08.000Z",
|
||
|
"modified": "2017-09-08T15:20:08.000Z",
|
||
|
"pattern": "[url:value = 'http://awholeblueworld.com/3936jkgHGdcm']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:08Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b528-efec-4624-a7f3-7e8e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:08.000Z",
|
||
|
"modified": "2017-09-08T15:20:08.000Z",
|
||
|
"pattern": "[domain-name:value = 'awholeblueworld.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:08Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b528-3e1c-4166-b6bc-43ee950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:08.000Z",
|
||
|
"modified": "2017-09-08T15:20:08.000Z",
|
||
|
"first_observed": "2017-09-08T15:20:08Z",
|
||
|
"last_observed": "2017-09-08T15:20:08Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b528-3e1c-4166-b6bc-43ee950d210f",
|
||
|
"ipv4-addr--59b2b528-3e1c-4166-b6bc-43ee950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b528-3e1c-4166-b6bc-43ee950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b528-3e1c-4166-b6bc-43ee950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b528-3e1c-4166-b6bc-43ee950d210f",
|
||
|
"value": "66.36.173.215"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b528-21e8-4533-a2bf-7f0b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:08.000Z",
|
||
|
"modified": "2017-09-08T15:20:08.000Z",
|
||
|
"pattern": "[url:value = 'http://bit-chasers.com/3936jkgHGdcm']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:08Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b529-9b2c-45c8-bdc0-7e8e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:09.000Z",
|
||
|
"modified": "2017-09-08T15:20:09.000Z",
|
||
|
"pattern": "[domain-name:value = 'bit-chasers.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b529-6998-4671-86ca-43fb950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:09.000Z",
|
||
|
"modified": "2017-09-08T15:20:09.000Z",
|
||
|
"first_observed": "2017-09-08T15:20:09Z",
|
||
|
"last_observed": "2017-09-08T15:20:09Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b529-6998-4671-86ca-43fb950d210f",
|
||
|
"ipv4-addr--59b2b529-6998-4671-86ca-43fb950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b529-6998-4671-86ca-43fb950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b529-6998-4671-86ca-43fb950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b529-6998-4671-86ca-43fb950d210f",
|
||
|
"value": "98.124.251.176"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b529-d0b4-4bd2-a383-4af3950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:09.000Z",
|
||
|
"modified": "2017-09-08T15:20:09.000Z",
|
||
|
"pattern": "[url:value = 'http://blaeberrycabin.com/3936jkgHGdcm']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b529-5f8c-414a-8207-4a44950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:09.000Z",
|
||
|
"modified": "2017-09-08T15:20:09.000Z",
|
||
|
"pattern": "[domain-name:value = 'blaeberrycabin.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:09Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b52a-1c40-47f1-bf23-7f0b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:10.000Z",
|
||
|
"modified": "2017-09-08T15:20:10.000Z",
|
||
|
"first_observed": "2017-09-08T15:20:10Z",
|
||
|
"last_observed": "2017-09-08T15:20:10Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b52a-1c40-47f1-bf23-7f0b950d210f",
|
||
|
"ipv4-addr--59b2b52a-1c40-47f1-bf23-7f0b950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b52a-1c40-47f1-bf23-7f0b950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b52a-1c40-47f1-bf23-7f0b950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b52a-1c40-47f1-bf23-7f0b950d210f",
|
||
|
"value": "64.77.72.43"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b52a-cd10-42d4-9b6a-4569950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:10.000Z",
|
||
|
"modified": "2017-09-08T15:20:10.000Z",
|
||
|
"pattern": "[url:value = 'http://brandingforbuyout.com/3936jkgHGdcm']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:10Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b52a-d4dc-46d0-8dbd-48d1950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:10.000Z",
|
||
|
"modified": "2017-09-08T15:20:10.000Z",
|
||
|
"pattern": "[domain-name:value = 'brandingforbuyout.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:10Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b52a-6af8-4dc8-bed1-7dfc950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:10.000Z",
|
||
|
"modified": "2017-09-08T15:20:10.000Z",
|
||
|
"first_observed": "2017-09-08T15:20:10Z",
|
||
|
"last_observed": "2017-09-08T15:20:10Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b52a-6af8-4dc8-bed1-7dfc950d210f",
|
||
|
"ipv4-addr--59b2b52a-6af8-4dc8-bed1-7dfc950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b52a-6af8-4dc8-bed1-7dfc950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b52a-6af8-4dc8-bed1-7dfc950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b52a-6af8-4dc8-bed1-7dfc950d210f",
|
||
|
"value": "74.208.163.59"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b52b-e728-4937-8688-4bdf950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:11.000Z",
|
||
|
"modified": "2017-09-08T15:20:11.000Z",
|
||
|
"pattern": "[url:value = 'http://dueeffepromotion.com/3936jkgHGdcm']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b52b-0c7c-47ab-99ea-4d92950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:11.000Z",
|
||
|
"modified": "2017-09-08T15:20:11.000Z",
|
||
|
"pattern": "[domain-name:value = 'dueeffepromotion.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b52b-23cc-4d8e-bf17-7f0b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:11.000Z",
|
||
|
"modified": "2017-09-08T15:20:11.000Z",
|
||
|
"pattern": "[url:value = 'http://etforhartohat.info/af/3936jkgHGdcm']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b52b-1530-4a90-a22f-2df1950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:11.000Z",
|
||
|
"modified": "2017-09-08T15:20:11.000Z",
|
||
|
"pattern": "[domain-name:value = 'etforhartohat.info']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:11Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b549-c0d8-46ec-a648-7f0b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:41.000Z",
|
||
|
"modified": "2017-09-08T15:20:41.000Z",
|
||
|
"pattern": "[url:value = 'http://geolearner.com/3936jkgHGdcm']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:41Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b54a-d3ec-40a0-a64a-4642950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:42.000Z",
|
||
|
"modified": "2017-09-08T15:20:42.000Z",
|
||
|
"pattern": "[domain-name:value = 'geolearner.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:42Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b54a-9180-4a1c-9bef-7e8e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:42.000Z",
|
||
|
"modified": "2017-09-08T15:20:42.000Z",
|
||
|
"first_observed": "2017-09-08T15:20:42Z",
|
||
|
"last_observed": "2017-09-08T15:20:42Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b54a-9180-4a1c-9bef-7e8e950d210f",
|
||
|
"ipv4-addr--59b2b54a-9180-4a1c-9bef-7e8e950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b54a-9180-4a1c-9bef-7e8e950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b54a-9180-4a1c-9bef-7e8e950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b54a-9180-4a1c-9bef-7e8e950d210f",
|
||
|
"value": "74.208.47.86"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b54a-64d4-4329-9287-404f950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:42.000Z",
|
||
|
"modified": "2017-09-08T15:20:42.000Z",
|
||
|
"pattern": "[url:value = 'http://handhi.com/3936jkgHGdcm']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:42Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b54a-1fb4-4600-845a-7d59950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:42.000Z",
|
||
|
"modified": "2017-09-08T15:20:42.000Z",
|
||
|
"pattern": "[domain-name:value = 'handhi.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:42Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b54b-f5b0-4d1e-9930-475e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:43.000Z",
|
||
|
"modified": "2017-09-08T15:20:43.000Z",
|
||
|
"first_observed": "2017-09-08T15:20:43Z",
|
||
|
"last_observed": "2017-09-08T15:20:43Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b54b-f5b0-4d1e-9930-475e950d210f",
|
||
|
"ipv4-addr--59b2b54b-f5b0-4d1e-9930-475e950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b54b-f5b0-4d1e-9930-475e950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b54b-f5b0-4d1e-9930-475e950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b54b-f5b0-4d1e-9930-475e950d210f",
|
||
|
"value": "162.213.255.19"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b54b-3888-455b-93d1-7e8e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:43.000Z",
|
||
|
"modified": "2017-09-08T15:20:43.000Z",
|
||
|
"pattern": "[url:value = 'http://lagrangeglassandmirrorco.com/3936jkgHGdcm']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:43Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b54c-332c-488d-972a-44e0950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:44.000Z",
|
||
|
"modified": "2017-09-08T15:20:44.000Z",
|
||
|
"pattern": "[domain-name:value = 'lagrangeglassandmirrorco.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:44Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b54c-d3bc-4495-8539-7920950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:44.000Z",
|
||
|
"modified": "2017-09-08T15:20:44.000Z",
|
||
|
"pattern": "[url:value = 'http://lp-usti.cz/3936jkgHGdcm']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:44Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b54c-82d0-4671-9c8c-7f0b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:44.000Z",
|
||
|
"modified": "2017-09-08T15:20:44.000Z",
|
||
|
"pattern": "[domain-name:value = 'lp-usti.cz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:44Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b54c-188c-416c-a32c-7e8e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:44.000Z",
|
||
|
"modified": "2017-09-08T15:20:44.000Z",
|
||
|
"first_observed": "2017-09-08T15:20:44Z",
|
||
|
"last_observed": "2017-09-08T15:20:44Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b54c-188c-416c-a32c-7e8e950d210f",
|
||
|
"ipv4-addr--59b2b54c-188c-416c-a32c-7e8e950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b54c-188c-416c-a32c-7e8e950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b54c-188c-416c-a32c-7e8e950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b54c-188c-416c-a32c-7e8e950d210f",
|
||
|
"value": "77.48.30.84"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b54d-2094-49be-aceb-4761950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:45.000Z",
|
||
|
"modified": "2017-09-08T15:20:45.000Z",
|
||
|
"pattern": "[url:value = 'http://montessibooks.com/3936jkgHGdcm']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b54d-9164-4b21-ae45-7d59950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:45.000Z",
|
||
|
"modified": "2017-09-08T15:20:45.000Z",
|
||
|
"pattern": "[domain-name:value = 'montessibooks.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b54d-74ec-483f-9a6e-4fd3950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:45.000Z",
|
||
|
"modified": "2017-09-08T15:20:45.000Z",
|
||
|
"first_observed": "2017-09-08T15:20:45Z",
|
||
|
"last_observed": "2017-09-08T15:20:45Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b54d-74ec-483f-9a6e-4fd3950d210f",
|
||
|
"ipv4-addr--59b2b54d-74ec-483f-9a6e-4fd3950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b54d-74ec-483f-9a6e-4fd3950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b54d-74ec-483f-9a6e-4fd3950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b54d-74ec-483f-9a6e-4fd3950d210f",
|
||
|
"value": "166.62.123.214"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b54d-18c4-4798-adfa-7920950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:45.000Z",
|
||
|
"modified": "2017-09-08T15:20:45.000Z",
|
||
|
"pattern": "[url:value = 'http://multicolourflyers.co.uk/3936jkgHGdcm']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b54d-45b8-4c4a-9611-7f0b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:45.000Z",
|
||
|
"modified": "2017-09-08T15:20:45.000Z",
|
||
|
"pattern": "[domain-name:value = 'multicolourflyers.co.uk']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:45Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b54e-b308-45c2-9f16-4d51950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:46.000Z",
|
||
|
"modified": "2017-09-08T15:20:46.000Z",
|
||
|
"first_observed": "2017-09-08T15:20:46Z",
|
||
|
"last_observed": "2017-09-08T15:20:46Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b54e-b308-45c2-9f16-4d51950d210f",
|
||
|
"ipv4-addr--59b2b54e-b308-45c2-9f16-4d51950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b54e-b308-45c2-9f16-4d51950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b54e-b308-45c2-9f16-4d51950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b54e-b308-45c2-9f16-4d51950d210f",
|
||
|
"value": "87.117.242.30"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b54e-fd2c-45b3-adef-7dfc950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:46.000Z",
|
||
|
"modified": "2017-09-08T15:20:46.000Z",
|
||
|
"pattern": "[url:value = 'http://ostiavolleyclub.it/3936jkgHGdcm']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:46Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b54e-4950-4d22-bc21-43c7950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:46.000Z",
|
||
|
"modified": "2017-09-08T15:20:46.000Z",
|
||
|
"pattern": "[domain-name:value = 'ostiavolleyclub.it']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:46Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b54e-53dc-48d2-ba4d-4e2a950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:46.000Z",
|
||
|
"modified": "2017-09-08T15:20:46.000Z",
|
||
|
"first_observed": "2017-09-08T15:20:46Z",
|
||
|
"last_observed": "2017-09-08T15:20:46Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b54e-53dc-48d2-ba4d-4e2a950d210f",
|
||
|
"ipv4-addr--59b2b54e-53dc-48d2-ba4d-4e2a950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b54e-53dc-48d2-ba4d-4e2a950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b54e-53dc-48d2-ba4d-4e2a950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b54e-53dc-48d2-ba4d-4e2a950d210f",
|
||
|
"value": "85.235.130.41"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b54f-7800-43cc-a6aa-7f0b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:47.000Z",
|
||
|
"modified": "2017-09-08T15:20:47.000Z",
|
||
|
"pattern": "[url:value = 'http://pack-lines.com/3936jkgHGdcm']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:47Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b54f-dfb4-421f-bea4-7e8e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:47.000Z",
|
||
|
"modified": "2017-09-08T15:20:47.000Z",
|
||
|
"pattern": "[domain-name:value = 'pack-lines.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:47Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b54f-f778-4b6b-a179-7d59950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:47.000Z",
|
||
|
"modified": "2017-09-08T15:20:47.000Z",
|
||
|
"pattern": "[url:value = 'http://qxr33qxr.com/3936jkgHGdcm']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:47Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b54f-4638-4f7e-94c7-7959950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:47.000Z",
|
||
|
"modified": "2017-09-08T15:20:47.000Z",
|
||
|
"pattern": "[domain-name:value = 'qxr33qxr.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:47Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b550-5df0-401d-b6b2-7f0b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:48.000Z",
|
||
|
"modified": "2017-09-08T15:20:48.000Z",
|
||
|
"pattern": "[url:value = 'http://studiotoscanosrl.it/3936jkgHGdcm']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b550-f260-4be6-9cf9-4ef6950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:48.000Z",
|
||
|
"modified": "2017-09-08T15:20:48.000Z",
|
||
|
"pattern": "[domain-name:value = 'studiotoscanosrl.it']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b550-31d8-40e7-947e-4ecf950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:48.000Z",
|
||
|
"modified": "2017-09-08T15:20:48.000Z",
|
||
|
"first_observed": "2017-09-08T15:20:48Z",
|
||
|
"last_observed": "2017-09-08T15:20:48Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b550-31d8-40e7-947e-4ecf950d210f",
|
||
|
"ipv4-addr--59b2b550-31d8-40e7-947e-4ecf950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b550-31d8-40e7-947e-4ecf950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b550-31d8-40e7-947e-4ecf950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b550-31d8-40e7-947e-4ecf950d210f",
|
||
|
"value": "85.235.130.42"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b550-5054-4a81-bef5-4c87950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:48.000Z",
|
||
|
"modified": "2017-09-08T15:20:48.000Z",
|
||
|
"pattern": "[url:value = 'http://suncoastot.com/3936jkgHGdcm']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:48Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b551-6e74-4f61-89ed-7dfc950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:49.000Z",
|
||
|
"modified": "2017-09-08T15:20:49.000Z",
|
||
|
"pattern": "[domain-name:value = 'suncoastot.com']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b551-fabc-4c25-b776-2df1950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:49.000Z",
|
||
|
"modified": "2017-09-08T15:20:49.000Z",
|
||
|
"first_observed": "2017-09-08T15:20:49Z",
|
||
|
"last_observed": "2017-09-08T15:20:49Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b551-fabc-4c25-b776-2df1950d210f",
|
||
|
"ipv4-addr--59b2b551-fabc-4c25-b776-2df1950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b551-fabc-4c25-b776-2df1950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b551-fabc-4c25-b776-2df1950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b551-fabc-4c25-b776-2df1950d210f",
|
||
|
"value": "98.124.252.176"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b551-3d38-48ba-8cdf-4cc7950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:49.000Z",
|
||
|
"modified": "2017-09-08T15:20:49.000Z",
|
||
|
"pattern": "[url:value = 'http://weekendjevliegen.nl/3936jkgHGdcm']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:49Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b552-d788-4d25-b3b9-7f0b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:50.000Z",
|
||
|
"modified": "2017-09-08T15:20:50.000Z",
|
||
|
"pattern": "[domain-name:value = 'weekendjevliegen.nl']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:50Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b552-27e0-4f3a-8580-4567950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:50.000Z",
|
||
|
"modified": "2017-09-08T15:20:50.000Z",
|
||
|
"first_observed": "2017-09-08T15:20:50Z",
|
||
|
"last_observed": "2017-09-08T15:20:50Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b552-27e0-4f3a-8580-4567950d210f",
|
||
|
"ipv4-addr--59b2b552-27e0-4f3a-8580-4567950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b552-27e0-4f3a-8580-4567950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b552-27e0-4f3a-8580-4567950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b552-27e0-4f3a-8580-4567950d210f",
|
||
|
"value": "62.212.152.143"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b552-e02c-47e4-bf7c-484e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:50.000Z",
|
||
|
"modified": "2017-09-08T15:20:50.000Z",
|
||
|
"first_observed": "2017-09-08T15:20:50Z",
|
||
|
"last_observed": "2017-09-08T15:20:50Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--59b2b552-e02c-47e4-bf7c-484e950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--59b2b552-e02c-47e4-bf7c-484e950d210f",
|
||
|
"value": "http://46.148.20.53/imageload.cgi"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b552-cb78-494e-bae7-7dfc950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:50.000Z",
|
||
|
"modified": "2017-09-08T15:20:50.000Z",
|
||
|
"first_observed": "2017-09-08T15:20:50Z",
|
||
|
"last_observed": "2017-09-08T15:20:50Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b552-cb78-494e-bae7-7dfc950d210f",
|
||
|
"ipv4-addr--59b2b552-cb78-494e-bae7-7dfc950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b552-cb78-494e-bae7-7dfc950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b552-cb78-494e-bae7-7dfc950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b552-cb78-494e-bae7-7dfc950d210f",
|
||
|
"value": "46.148.20.53"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b552-a710-4b60-8448-2df1950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:50.000Z",
|
||
|
"modified": "2017-09-08T15:20:50.000Z",
|
||
|
"first_observed": "2017-09-08T15:20:50Z",
|
||
|
"last_observed": "2017-09-08T15:20:50Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"url--59b2b552-a710-4b60-8448-2df1950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "url",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "url--59b2b552-a710-4b60-8448-2df1950d210f",
|
||
|
"value": "http://185.67.2.156/imageload.cgi"
|
||
|
},
|
||
|
{
|
||
|
"type": "observed-data",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "observed-data--59b2b553-94d4-4525-92d0-7920950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:51.000Z",
|
||
|
"modified": "2017-09-08T15:20:51.000Z",
|
||
|
"first_observed": "2017-09-08T15:20:51Z",
|
||
|
"last_observed": "2017-09-08T15:20:51Z",
|
||
|
"number_observed": 1,
|
||
|
"object_refs": [
|
||
|
"network-traffic--59b2b553-94d4-4525-92d0-7920950d210f",
|
||
|
"ipv4-addr--59b2b553-94d4-4525-92d0-7920950d210f"
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"ip-dst\"",
|
||
|
"misp:category=\"Network activity\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "network-traffic",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "network-traffic--59b2b553-94d4-4525-92d0-7920950d210f",
|
||
|
"dst_ref": "ipv4-addr--59b2b553-94d4-4525-92d0-7920950d210f",
|
||
|
"protocols": [
|
||
|
"tcp"
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "ipv4-addr",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "ipv4-addr--59b2b553-94d4-4525-92d0-7920950d210f",
|
||
|
"value": "185.67.2.156"
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b553-979c-4aad-af67-471b950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:51.000Z",
|
||
|
"modified": "2017-09-08T15:20:51.000Z",
|
||
|
"pattern": "[url:value = 'http://prmbrvmfn.info/imageload.cgi']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b553-af28-473a-9f16-7e8e950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:51.000Z",
|
||
|
"modified": "2017-09-08T15:20:51.000Z",
|
||
|
"pattern": "[domain-name:value = 'prmbrvmfn.info']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:51Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b554-8080-4087-ba4f-4352950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:52.000Z",
|
||
|
"modified": "2017-09-08T15:20:52.000Z",
|
||
|
"pattern": "[url:value = 'http://ixrxiuhiom.pl/imageload.cgi']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b554-9c80-4a9b-b6dd-7d59950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:52.000Z",
|
||
|
"modified": "2017-09-08T15:20:52.000Z",
|
||
|
"pattern": "[domain-name:value = 'ixrxiuhiom.pl']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b554-8e68-4d50-896b-7920950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:52.000Z",
|
||
|
"modified": "2017-09-08T15:20:52.000Z",
|
||
|
"pattern": "[url:value = 'http://oyqpewwxqsf.work/imageload.cgi']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b554-383c-4129-bbae-47c9950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:52.000Z",
|
||
|
"modified": "2017-09-08T15:20:52.000Z",
|
||
|
"pattern": "[domain-name:value = 'oyqpewwxqsf.work']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:52Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b555-9208-4090-aa42-4c8c950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:53.000Z",
|
||
|
"modified": "2017-09-08T15:20:53.000Z",
|
||
|
"pattern": "[url:value = 'http://frlybjtvkfyv.xyz/imageload.cgi']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:53Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b555-a528-4390-bc3f-44e6950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:53.000Z",
|
||
|
"modified": "2017-09-08T15:20:53.000Z",
|
||
|
"pattern": "[domain-name:value = 'frlybjtvkfyv.xyz']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:53Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b555-a704-46ed-9114-7dfc950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:53.000Z",
|
||
|
"modified": "2017-09-08T15:20:53.000Z",
|
||
|
"pattern": "[url:value = 'http://qwebytfovhn.info/imageload.cgi']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:53Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b555-1ce8-4c59-8975-4b08950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:53.000Z",
|
||
|
"modified": "2017-09-08T15:20:53.000Z",
|
||
|
"pattern": "[domain-name:value = 'qwebytfovhn.info']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:53Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"hostname\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
|
||
|
"spec_version": "2.1",
|
||
|
"id": "indicator--59b2b556-5cc8-4a4f-a625-40b5950d210f",
|
||
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
||
|
"created": "2017-09-08T15:20:54.000Z",
|
||
|
"modified": "2017-09-08T15:20:54.000Z",
|
||
|
"pattern": "[url:value = 'http://pktqwaartwhgm.org/imageload.cgi']",
|
||
|
"pattern_type": "stix",
|
||
|
"pattern_version": "2.1",
|
||
|
"valid_from": "2017-09-08T15:20:54Z",
|
||
|
"kill_chain_phases": [
|
||
|
{
|
||
|
"kill_chain_name": "misp-category",
|
||
|
"phase_name": "Network activity"
|
||
|
}
|
||
|
],
|
||
|
"labels": [
|
||
|
"misp:type=\"url\"",
|
||
|
"misp:category=\"Network activity\"",
|
||
|
"misp:to_ids=\"True\""
|
||
|
]
|
||
|
},
|
||
|
{
|
||
|
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b2b556-6bd0-4606-8bd9-7959950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T15:20:54.000Z",
"modified": "2017-09-08T15:20:54.000Z",
"pattern": "[domain-name:value = 'pktqwaartwhgm.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T15:20:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b2b556-c698-412d-849c-4695950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T15:20:54.000Z",
"modified": "2017-09-08T15:20:54.000Z",
"pattern": "[url:value = 'http://gnpcodwewcbiuuv.pw/imageload.cgi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T15:20:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b2b556-42e8-4311-b97a-7e8e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T15:20:54.000Z",
"modified": "2017-09-08T15:20:54.000Z",
"pattern": "[domain-name:value = 'gnpcodwewcbiuuv.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T15:20:54Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59b2b557-31a0-4134-aeb4-43f2950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T15:20:55.000Z",
"modified": "2017-09-08T15:20:55.000Z",
"first_observed": "2017-09-08T15:20:55Z",
"last_observed": "2017-09-08T15:20:55Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59b2b557-31a0-4134-aeb4-43f2950d210f",
"ipv4-addr--59b2b557-31a0-4134-aeb4-43f2950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59b2b557-31a0-4134-aeb4-43f2950d210f",
"dst_ref": "ipv4-addr--59b2b557-31a0-4134-aeb4-43f2950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59b2b557-31a0-4134-aeb4-43f2950d210f",
"value": "141.8.226.58"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b2b558-e6f0-4ce4-b8c0-7959950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T15:20:56.000Z",
"modified": "2017-09-08T15:20:56.000Z",
"pattern": "[url:value = 'http://kvfbnygmotcmrhmtj.click/imageload.cgi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T15:20:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b2b558-5258-4a0e-835c-40aa950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T15:20:56.000Z",
"modified": "2017-09-08T15:20:56.000Z",
"pattern": "[domain-name:value = 'kvfbnygmotcmrhmtj.click']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T15:20:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b2b558-837c-44da-b0f4-7e8e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T15:20:56.000Z",
"modified": "2017-09-08T15:20:56.000Z",
"pattern": "[url:value = 'http://yajkiwhvmuupotdpw.work/imageload.cgi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T15:20:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b2b558-9d5c-4329-8ed1-2df1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T15:20:56.000Z",
"modified": "2017-09-08T15:20:56.000Z",
"pattern": "[domain-name:value = 'yajkiwhvmuupotdpw.work']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T15:20:56Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b2b559-2d94-40bf-b079-489e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T15:20:57.000Z",
"modified": "2017-09-08T15:20:57.000Z",
"pattern": "[url:value = 'http://qymkhefpfvf.org/imageload.cgi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T15:20:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b2b559-0a08-4124-92bf-4c6d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T15:20:57.000Z",
"modified": "2017-09-08T15:20:57.000Z",
"pattern": "[domain-name:value = 'qymkhefpfvf.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T15:20:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b2b559-19fc-4312-8c08-7e8e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T15:20:57.000Z",
"modified": "2017-09-08T15:20:57.000Z",
"pattern": "[url:value = 'http://arikglbnfs.pw/imageload.cgi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T15:20:57Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b2b55a-61a4-456a-b506-7d59950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T15:20:58.000Z",
"modified": "2017-09-08T15:20:58.000Z",
"pattern": "[domain-name:value = 'arikglbnfs.pw']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T15:20:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b2b55a-fd8c-4203-b330-7f0b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T15:20:58.000Z",
"modified": "2017-09-08T15:20:58.000Z",
"pattern": "[url:value = 'http://afdokuqkswcbu.org/imageload.cgi']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T15:20:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59b2b55a-33fc-4978-98f6-47c7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T15:20:58.000Z",
"modified": "2017-09-08T15:20:58.000Z",
"pattern": "[domain-name:value = 'afdokuqkswcbu.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-09-08T15:20:58Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59b2b55c-b790-4f53-89fc-4a9f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T15:21:00.000Z",
"modified": "2017-09-08T15:21:00.000Z",
"first_observed": "2017-09-08T15:21:00Z",
"last_observed": "2017-09-08T15:21:00Z",
"number_observed": 1,
"object_refs": [
"url--59b2b55c-b790-4f53-89fc-4a9f950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59b2b55c-b790-4f53-89fc-4a9f950d210f",
"value": "https://www.virustotal.com/en/file/39d986b3a62f4d1b2e43c8295a2a645187e08417b6c0d2d8b08a9f7e75343936/analysis/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59b2b55c-ec54-4d1a-a710-7e8e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T15:21:00.000Z",
"modified": "2017-09-08T15:21:00.000Z",
"first_observed": "2017-09-08T15:21:00Z",
"last_observed": "2017-09-08T15:21:00Z",
"number_observed": 1,
"object_refs": [
"url--59b2b55c-ec54-4d1a-a710-7e8e950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59b2b55c-ec54-4d1a-a710-7e8e950d210f",
"value": "https://www.virustotal.com/en/file/d3a1017f8e5d4ede0eeaa634b81f2d772a425898009ddf19ca73593a9b8700cb/analysis/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59b2b55c-8930-4cca-af93-4ad3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T15:21:00.000Z",
"modified": "2017-09-08T15:21:00.000Z",
"first_observed": "2017-09-08T15:21:00Z",
"last_observed": "2017-09-08T15:21:00Z",
"number_observed": 1,
"object_refs": [
"url--59b2b55c-8930-4cca-af93-4ad3950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59b2b55c-8930-4cca-af93-4ad3950d210f",
"value": "https://www.virustotal.com/en/file/a2dd27957eba44eda1764b7426641072a0b310cf84d9e2ae2a78d78e5ff2c4ea/analysis/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59b2b55d-a920-455c-98ab-7dfc950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T15:21:01.000Z",
"modified": "2017-09-08T15:21:01.000Z",
"first_observed": "2017-09-08T15:21:01Z",
"last_observed": "2017-09-08T15:21:01Z",
"number_observed": 1,
"object_refs": [
"url--59b2b55d-a920-455c-98ab-7dfc950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59b2b55d-a920-455c-98ab-7dfc950d210f",
"value": "https://www.virustotal.com/en/file/70e828a3b69e1416e6ef17bf1c4d6e15bd92d877f08e6c3e36e0d779c45ed2a0/analysis/1504823037/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59b2b55d-50dc-4850-aec1-4365950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T15:21:01.000Z",
"modified": "2017-09-08T15:21:01.000Z",
"first_observed": "2017-09-08T15:21:01Z",
"last_observed": "2017-09-08T15:21:01Z",
"number_observed": 1,
"object_refs": [
"url--59b2b55d-50dc-4850-aec1-4365950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59b2b55d-50dc-4850-aec1-4365950d210f",
"value": "https://boomstick.emergingthreats.net/analysis/204531/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59b2b55d-5a78-4bb2-ab36-7e8e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T15:21:01.000Z",
"modified": "2017-09-08T15:21:01.000Z",
"first_observed": "2017-09-08T15:21:01Z",
"last_observed": "2017-09-08T15:21:01Z",
"number_observed": 1,
"object_refs": [
"url--59b2b55d-5a78-4bb2-ab36-7e8e950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59b2b55d-5a78-4bb2-ab36-7e8e950d210f",
"value": "https://boomstick.emergingthreats.net/analysis/204530/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59b2b55d-3a18-45c0-9e9a-7920950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T15:21:01.000Z",
"modified": "2017-09-08T15:21:01.000Z",
"first_observed": "2017-09-08T15:21:01Z",
"last_observed": "2017-09-08T15:21:01Z",
"number_observed": 1,
"object_refs": [
"url--59b2b55d-3a18-45c0-9e9a-7920950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59b2b55d-3a18-45c0-9e9a-7920950d210f",
"value": "https://boomstick.emergingthreats.net/analysis/204537/"
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59b2b55e-1180-4b01-bff0-4664950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-09-08T15:21:02.000Z",
"modified": "2017-09-08T15:21:02.000Z",
"first_observed": "2017-09-08T15:21:02Z",
"last_observed": "2017-09-08T15:21:02Z",
"number_observed": 1,
"object_refs": [
"url--59b2b55e-1180-4b01-bff0-4664950d210f"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59b2b55e-1180-4b01-bff0-4664950d210f",
"value": "https://boomstick.emergingthreats.net/analysis/204539/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}