misp-circl-feed/feeds/circl/stix-2.1/5a26b608-7e48-48c1-bf61-43a3950d210f.json


2023-04-21 14:44:17 +00:00
{
"type": "bundle",
"id": "bundle--5a26b608-7e48-48c1-bf61-43a3950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:35.000Z",
"modified": "2017-12-06T10:03:35.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--5a26b608-7e48-48c1-bf61-43a3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:35.000Z",
"modified": "2017-12-06T10:03:35.000Z",
"name": "M2M - \"..doc\" 2017-11-30 : \"FL-123456 11.30.2017.7z\"",
"published": "2017-12-06T10:10:30Z",
"object_refs": [
"indicator--5a26b609-e89c-4385-9584-465a950d210f",
"indicator--5a26b609-c92c-4329-8eea-470e950d210f",
"indicator--5a26b609-be98-4d9f-ba28-42b1950d210f",
"indicator--5a26b60a-a510-459b-844b-485f950d210f",
"indicator--5a26b60a-b3c0-498b-aee7-4b23950d210f",
"indicator--5a26b60a-0794-4355-8983-493d950d210f",
"observed-data--5a26b60b-a070-4eb5-95f6-40d3950d210f",
"network-traffic--5a26b60b-a070-4eb5-95f6-40d3950d210f",
"ipv4-addr--5a26b60b-a070-4eb5-95f6-40d3950d210f",
"indicator--5a26b60b-e25c-4a95-a17b-44d3950d210f",
"indicator--5a26b60b-3e08-49e3-a06b-c6d3950d210f",
"observed-data--5a26b60b-8010-4553-9e9b-4b38950d210f",
"network-traffic--5a26b60b-8010-4553-9e9b-4b38950d210f",
"ipv4-addr--5a26b60b-8010-4553-9e9b-4b38950d210f",
"indicator--5a26b60c-4084-4005-9c85-c53a950d210f",
"indicator--5a26b60d-e4e8-4ae3-839f-4e09950d210f",
"observed-data--5a26b60d-4060-441c-a254-4243950d210f",
"network-traffic--5a26b60d-4060-441c-a254-4243950d210f",
"ipv4-addr--5a26b60d-4060-441c-a254-4243950d210f",
"indicator--5a26b60d-5728-42b0-bc69-46ae950d210f",
"indicator--5a26b60d-c4a0-4af6-997a-4d69950d210f",
"observed-data--5a26b60d-e69c-4d3a-bf9d-4881950d210f",
"network-traffic--5a26b60d-e69c-4d3a-bf9d-4881950d210f",
"ipv4-addr--5a26b60d-e69c-4d3a-bf9d-4881950d210f",
"indicator--5a26b60e-a030-4a87-8bee-c6d3950d210f",
"indicator--5a26b60e-2510-488b-a1c2-4890950d210f",
"observed-data--5a26b60e-bd00-483c-ae8b-42f4950d210f",
"network-traffic--5a26b60e-bd00-483c-ae8b-42f4950d210f",
"ipv4-addr--5a26b60e-bd00-483c-ae8b-42f4950d210f",
"indicator--5a26b60e-b7b4-4450-9cec-4b20950d210f",
"indicator--5a26b60e-a764-4684-a7d6-419c950d210f",
"observed-data--5a26b60f-7098-4491-86ae-4cd1950d210f",
"network-traffic--5a26b60f-7098-4491-86ae-4cd1950d210f",
"ipv4-addr--5a26b60f-7098-4491-86ae-4cd1950d210f",
"indicator--5a26b60f-9220-4b4c-87e6-4cad950d210f",
"indicator--5a26b60f-4c28-4e42-bd4d-40e1950d210f",
"observed-data--5a26b60f-d748-4d1f-be56-4204950d210f",
"network-traffic--5a26b60f-d748-4d1f-be56-4204950d210f",
"ipv4-addr--5a26b60f-d748-4d1f-be56-4204950d210f",
"indicator--5a26b610-ce98-43c6-a598-4bae950d210f",
"indicator--5a26b610-f084-4fe5-9357-c6d3950d210f",
"observed-data--5a26b610-e01c-4336-96aa-4669950d210f",
"network-traffic--5a26b610-e01c-4336-96aa-4669950d210f",
"ipv4-addr--5a26b610-e01c-4336-96aa-4669950d210f",
"indicator--5a26b611-3390-4b2a-ae6c-4785950d210f",
"indicator--5a26b611-fca0-46b3-afcb-42b3950d210f",
"observed-data--5a26b611-c76c-438e-9927-45ff950d210f",
"network-traffic--5a26b611-c76c-438e-9927-45ff950d210f",
"ipv4-addr--5a26b611-c76c-438e-9927-45ff950d210f",
"indicator--5a26b611-cb7c-4f30-a5b9-4d28950d210f",
"indicator--5a26b612-737c-4c0a-b657-4136950d210f",
"observed-data--5a26b612-0b58-40a9-b2a7-4d43950d210f",
"network-traffic--5a26b612-0b58-40a9-b2a7-4d43950d210f",
"ipv4-addr--5a26b612-0b58-40a9-b2a7-4d43950d210f",
"indicator--5a27c071-7a20-4a82-b93f-bbb602de0b81",
"indicator--5a27c071-e8c8-40c6-ad17-bbb602de0b81",
"observed-data--5a27c071-4ca4-4de8-be48-bbb602de0b81",
"url--5a27c071-4ca4-4de8-be48-bbb602de0b81",
"indicator--5a27c071-7c68-4d03-b967-bbb602de0b81",
"indicator--5a27c071-4048-411c-a49d-bbb602de0b81",
"observed-data--5a27c071-adfc-43bd-b1ae-bbb602de0b81",
"url--5a27c071-adfc-43bd-b1ae-bbb602de0b81",
"indicator--5a27c071-ae34-4e17-a860-bbb602de0b81",
"indicator--5a27c071-657c-44cd-830c-bbb602de0b81",
"observed-data--5a27c072-eb0c-4e56-9c49-bbb602de0b81",
"url--5a27c072-eb0c-4e56-9c49-bbb602de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\"",
"misp-galaxy:ransomware=\"Fake Globe Ransomware\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b609-e89c-4385-9584-465a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:29.000Z",
"modified": "2017-12-06T10:03:29.000Z",
"pattern": "[file:hashes.MD5 = 'd4ddf8bfcc057fcfece2a498942079ce']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:03:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b609-c92c-4329-8eea-470e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:29.000Z",
"modified": "2017-12-06T10:03:29.000Z",
"pattern": "[file:hashes.MD5 = '3ccbb316fdf9b7e6ae89584afc529e5f']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:03:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b609-be98-4d9f-ba28-42b1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:29.000Z",
"modified": "2017-12-06T10:03:29.000Z",
"pattern": "[file:hashes.MD5 = '612974dcb49adef982d9ad8d9cbdde36']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:03:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b60a-a510-459b-844b-485f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:29.000Z",
"modified": "2017-12-06T10:03:29.000Z",
"pattern": "[domain-name:value = 'it2000.mycompany.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:03:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b60a-b3c0-498b-aee7-4b23950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:29.000Z",
"modified": "2017-12-06T10:03:29.000Z",
"pattern": "[url:value = 'http://accessyouraudience.com/JHGcd476334']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:03:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b60a-0794-4355-8983-493d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:29.000Z",
"modified": "2017-12-06T10:03:29.000Z",
"pattern": "[domain-name:value = 'accessyouraudience.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:03:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a26b60b-a070-4eb5-95f6-40d3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:29.000Z",
"modified": "2017-12-06T10:03:29.000Z",
"first_observed": "2017-12-06T10:03:29Z",
"last_observed": "2017-12-06T10:03:29Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a26b60b-a070-4eb5-95f6-40d3950d210f",
"ipv4-addr--5a26b60b-a070-4eb5-95f6-40d3950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a26b60b-a070-4eb5-95f6-40d3950d210f",
"dst_ref": "ipv4-addr--5a26b60b-a070-4eb5-95f6-40d3950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a26b60b-a070-4eb5-95f6-40d3950d210f",
"value": "98.124.251.75"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b60b-e25c-4a95-a17b-44d3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:29.000Z",
"modified": "2017-12-06T10:03:29.000Z",
"pattern": "[url:value = 'http://alucmuhendislik.com/JHGcd476334']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:03:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b60b-3e08-49e3-a06b-c6d3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:29.000Z",
"modified": "2017-12-06T10:03:29.000Z",
"pattern": "[domain-name:value = 'alucmuhendislik.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:03:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a26b60b-8010-4553-9e9b-4b38950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:29.000Z",
"modified": "2017-12-06T10:03:29.000Z",
"first_observed": "2017-12-06T10:03:29Z",
"last_observed": "2017-12-06T10:03:29Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a26b60b-8010-4553-9e9b-4b38950d210f",
"ipv4-addr--5a26b60b-8010-4553-9e9b-4b38950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a26b60b-8010-4553-9e9b-4b38950d210f",
"dst_ref": "ipv4-addr--5a26b60b-8010-4553-9e9b-4b38950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a26b60b-8010-4553-9e9b-4b38950d210f",
"value": "185.85.205.9"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b60c-4084-4005-9c85-c53a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:29.000Z",
"modified": "2017-12-06T10:03:29.000Z",
"pattern": "[url:value = 'http://awholeblueworld.com/JHGcd476334']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:03:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b60d-e4e8-4ae3-839f-4e09950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:29.000Z",
"modified": "2017-12-06T10:03:29.000Z",
"pattern": "[domain-name:value = 'awholeblueworld.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:03:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a26b60d-4060-441c-a254-4243950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:29.000Z",
"modified": "2017-12-06T10:03:29.000Z",
"first_observed": "2017-12-06T10:03:29Z",
"last_observed": "2017-12-06T10:03:29Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a26b60d-4060-441c-a254-4243950d210f",
"ipv4-addr--5a26b60d-4060-441c-a254-4243950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a26b60d-4060-441c-a254-4243950d210f",
"dst_ref": "ipv4-addr--5a26b60d-4060-441c-a254-4243950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a26b60d-4060-441c-a254-4243950d210f",
"value": "66.36.173.215"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b60d-5728-42b0-bc69-46ae950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:29.000Z",
"modified": "2017-12-06T10:03:29.000Z",
"pattern": "[url:value = 'http://bit-chasers.com/JHGcd476334']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:03:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b60d-c4a0-4af6-997a-4d69950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:29.000Z",
"modified": "2017-12-06T10:03:29.000Z",
"pattern": "[domain-name:value = 'bit-chasers.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:03:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a26b60d-e69c-4d3a-bf9d-4881950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:29.000Z",
"modified": "2017-12-06T10:03:29.000Z",
"first_observed": "2017-12-06T10:03:29Z",
"last_observed": "2017-12-06T10:03:29Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a26b60d-e69c-4d3a-bf9d-4881950d210f",
"ipv4-addr--5a26b60d-e69c-4d3a-bf9d-4881950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a26b60d-e69c-4d3a-bf9d-4881950d210f",
"dst_ref": "ipv4-addr--5a26b60d-e69c-4d3a-bf9d-4881950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a26b60d-e69c-4d3a-bf9d-4881950d210f",
"value": "98.124.251.176"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b60e-a030-4a87-8bee-c6d3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:29.000Z",
"modified": "2017-12-06T10:03:29.000Z",
"pattern": "[url:value = 'http://datenhaus.info/JHGcd476334']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:03:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b60e-2510-488b-a1c2-4890950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:29.000Z",
"modified": "2017-12-06T10:03:29.000Z",
"pattern": "[domain-name:value = 'datenhaus.info']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:03:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a26b60e-bd00-483c-ae8b-42f4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:29.000Z",
"modified": "2017-12-06T10:03:29.000Z",
"first_observed": "2017-12-06T10:03:29Z",
"last_observed": "2017-12-06T10:03:29Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a26b60e-bd00-483c-ae8b-42f4950d210f",
"ipv4-addr--5a26b60e-bd00-483c-ae8b-42f4950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a26b60e-bd00-483c-ae8b-42f4950d210f",
"dst_ref": "ipv4-addr--5a26b60e-bd00-483c-ae8b-42f4950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a26b60e-bd00-483c-ae8b-42f4950d210f",
"value": "85.214.205.231"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b60e-b7b4-4450-9cec-4b20950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:29.000Z",
"modified": "2017-12-06T10:03:29.000Z",
"pattern": "[url:value = 'http://hexacam.com/JHGcd476334']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:03:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b60e-a764-4684-a7d6-419c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:29.000Z",
"modified": "2017-12-06T10:03:29.000Z",
"pattern": "[domain-name:value = 'hexacam.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:03:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a26b60f-7098-4491-86ae-4cd1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:29.000Z",
"modified": "2017-12-06T10:03:29.000Z",
"first_observed": "2017-12-06T10:03:29Z",
"last_observed": "2017-12-06T10:03:29Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a26b60f-7098-4491-86ae-4cd1950d210f",
"ipv4-addr--5a26b60f-7098-4491-86ae-4cd1950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a26b60f-7098-4491-86ae-4cd1950d210f",
"dst_ref": "ipv4-addr--5a26b60f-7098-4491-86ae-4cd1950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a26b60f-7098-4491-86ae-4cd1950d210f",
"value": "98.124.251.65"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b60f-9220-4b4c-87e6-4cad950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:29.000Z",
"modified": "2017-12-06T10:03:29.000Z",
"pattern": "[url:value = 'http://mh-service.ru/JHGcd476334']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:03:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b60f-4c28-4e42-bd4d-40e1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:29.000Z",
"modified": "2017-12-06T10:03:29.000Z",
"pattern": "[domain-name:value = 'mh-service.ru']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:03:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a26b60f-d748-4d1f-be56-4204950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:29.000Z",
"modified": "2017-12-06T10:03:29.000Z",
"first_observed": "2017-12-06T10:03:29Z",
"last_observed": "2017-12-06T10:03:29Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a26b60f-d748-4d1f-be56-4204950d210f",
"ipv4-addr--5a26b60f-d748-4d1f-be56-4204950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a26b60f-d748-4d1f-be56-4204950d210f",
"dst_ref": "ipv4-addr--5a26b60f-d748-4d1f-be56-4204950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a26b60f-d748-4d1f-be56-4204950d210f",
"value": "89.253.235.118"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b610-ce98-43c6-a598-4bae950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:29.000Z",
"modified": "2017-12-06T10:03:29.000Z",
"pattern": "[url:value = 'http://yamanashi-jyujin.jp/JHGcd476334']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:03:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b610-f084-4fe5-9357-c6d3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:29.000Z",
"modified": "2017-12-06T10:03:29.000Z",
"pattern": "[domain-name:value = 'yamanashi-jyujin.jp']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:03:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a26b610-e01c-4336-96aa-4669950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:29.000Z",
"modified": "2017-12-06T10:03:29.000Z",
"first_observed": "2017-12-06T10:03:29Z",
"last_observed": "2017-12-06T10:03:29Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a26b610-e01c-4336-96aa-4669950d210f",
"ipv4-addr--5a26b610-e01c-4336-96aa-4669950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a26b610-e01c-4336-96aa-4669950d210f",
"dst_ref": "ipv4-addr--5a26b610-e01c-4336-96aa-4669950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a26b610-e01c-4336-96aa-4669950d210f",
"value": "180.222.185.74"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b611-3390-4b2a-ae6c-4785950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:29.000Z",
"modified": "2017-12-06T10:03:29.000Z",
"pattern": "[url:value = 'https://n224ezvhg4sgyamb.onion.link/shfgealjh.php']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:03:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b611-fca0-46b3-afcb-42b3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:29.000Z",
"modified": "2017-12-06T10:03:29.000Z",
"pattern": "[domain-name:value = 'n224ezvhg4sgyamb.onion.link']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:03:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a26b611-c76c-438e-9927-45ff950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:29.000Z",
"modified": "2017-12-06T10:03:29.000Z",
"first_observed": "2017-12-06T10:03:29Z",
"last_observed": "2017-12-06T10:03:29Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a26b611-c76c-438e-9927-45ff950d210f",
"ipv4-addr--5a26b611-c76c-438e-9927-45ff950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a26b611-c76c-438e-9927-45ff950d210f",
"dst_ref": "ipv4-addr--5a26b611-c76c-438e-9927-45ff950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a26b611-c76c-438e-9927-45ff950d210f",
"value": "188.166.203.69"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b611-cb7c-4f30-a5b9-4d28950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:29.000Z",
"modified": "2017-12-06T10:03:29.000Z",
"pattern": "[url:value = 'http://summi.space/count.php?nu=105&fb=110']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:03:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a26b612-737c-4c0a-b657-4136950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:29.000Z",
"modified": "2017-12-06T10:03:29.000Z",
"pattern": "[domain-name:value = 'summi.space']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:03:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a26b612-0b58-40a9-b2a7-4d43950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:29.000Z",
"modified": "2017-12-06T10:03:29.000Z",
"first_observed": "2017-12-06T10:03:29Z",
"last_observed": "2017-12-06T10:03:29Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5a26b612-0b58-40a9-b2a7-4d43950d210f",
"ipv4-addr--5a26b612-0b58-40a9-b2a7-4d43950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5a26b612-0b58-40a9-b2a7-4d43950d210f",
"dst_ref": "ipv4-addr--5a26b612-0b58-40a9-b2a7-4d43950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5a26b612-0b58-40a9-b2a7-4d43950d210f",
"value": "198.23.241.227"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a27c071-7a20-4a82-b93f-bbb602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:29.000Z",
"modified": "2017-12-06T10:03:29.000Z",
"description": "- Xchecked via VT: 612974dcb49adef982d9ad8d9cbdde36",
"pattern": "[file:hashes.SHA256 = '13e164380585fe44ac56ed10bd1ed5e42873a85040aee8c40d7596fc05f28920']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:03:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a27c071-e8c8-40c6-ad17-bbb602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:29.000Z",
"modified": "2017-12-06T10:03:29.000Z",
"description": "- Xchecked via VT: 612974dcb49adef982d9ad8d9cbdde36",
"pattern": "[file:hashes.SHA1 = 'b817e361bd0cc1819d7f6a1189f0f5d56ed48721']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:03:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a27c071-4ca4-4de8-be48-bbb602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:29.000Z",
"modified": "2017-12-06T10:03:29.000Z",
"first_observed": "2017-12-06T10:03:29Z",
"last_observed": "2017-12-06T10:03:29Z",
"number_observed": 1,
"object_refs": [
"url--5a27c071-4ca4-4de8-be48-bbb602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a27c071-4ca4-4de8-be48-bbb602de0b81",
"value": "https://www.virustotal.com/file/13e164380585fe44ac56ed10bd1ed5e42873a85040aee8c40d7596fc05f28920/analysis/1512419605/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a27c071-7c68-4d03-b967-bbb602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:29.000Z",
"modified": "2017-12-06T10:03:29.000Z",
"description": "- Xchecked via VT: 3ccbb316fdf9b7e6ae89584afc529e5f",
"pattern": "[file:hashes.SHA256 = 'ba21e8c562f330795089a76ab641bb3cf7618bd3ae6a647745d8caec87645040']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:03:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a27c071-4048-411c-a49d-bbb602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:29.000Z",
"modified": "2017-12-06T10:03:29.000Z",
"description": "- Xchecked via VT: 3ccbb316fdf9b7e6ae89584afc529e5f",
"pattern": "[file:hashes.SHA1 = 'cc3d01780eaabb8f429cd251acfc52370b95d149']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:03:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a27c071-adfc-43bd-b1ae-bbb602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:29.000Z",
"modified": "2017-12-06T10:03:29.000Z",
"first_observed": "2017-12-06T10:03:29Z",
"last_observed": "2017-12-06T10:03:29Z",
"number_observed": 1,
"object_refs": [
"url--5a27c071-adfc-43bd-b1ae-bbb602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a27c071-adfc-43bd-b1ae-bbb602de0b81",
"value": "https://www.virustotal.com/file/ba21e8c562f330795089a76ab641bb3cf7618bd3ae6a647745d8caec87645040/analysis/1512362971/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a27c071-ae34-4e17-a860-bbb602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:29.000Z",
"modified": "2017-12-06T10:03:29.000Z",
"description": "- Xchecked via VT: d4ddf8bfcc057fcfece2a498942079ce",
"pattern": "[file:hashes.SHA256 = '7bc1c0b67e76b761128ffc478554858a09aa6e5fbb7e57f1f58b3066f6c228fc']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:03:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5a27c071-657c-44cd-830c-bbb602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:29.000Z",
"modified": "2017-12-06T10:03:29.000Z",
"description": "- Xchecked via VT: d4ddf8bfcc057fcfece2a498942079ce",
"pattern": "[file:hashes.SHA1 = 'b52e239c775781b1c569d246c88727573ba5904b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-12-06T10:03:29Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5a27c072-eb0c-4e56-9c49-bbb602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-12-06T10:03:30.000Z",
"modified": "2017-12-06T10:03:30.000Z",
"first_observed": "2017-12-06T10:03:30Z",
"last_observed": "2017-12-06T10:03:30Z",
"number_observed": 1,
"object_refs": [
"url--5a27c072-eb0c-4e56-9c49-bbb602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5a27c072-eb0c-4e56-9c49-bbb602de0b81",
"value": "https://www.virustotal.com/file/7bc1c0b67e76b761128ffc478554858a09aa6e5fbb7e57f1f58b3066f6c228fc/analysis/1512374263/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}