{ "type": "bundle", "id": "bundle--592bd021-fd44-4594-938f-915b950d210f", "objects": [ { "type": "identity", "spec_version": "2.1", "id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:53.000Z", "modified": "2017-05-29T07:39:53.000Z", "name": "CIRCL", "identity_class": "organization" }, { "type": "grouping", "spec_version": "2.1", "id": "grouping--592bd021-fd44-4594-938f-915b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:53.000Z", "modified": "2017-05-29T07:39:53.000Z", "name": "M2M - test", "context": "suspicious-activity", "object_refs": [ "indicator--592bd022-6ff0-4183-9fc9-7e4b950d210f", "indicator--592bd023-4e8c-4554-b9d8-9168950d210f", "indicator--592bd023-b790-435e-a8d4-7e48950d210f", "indicator--592bd024-a310-412f-a544-9166950d210f", "indicator--592bd025-8414-4c0c-b00b-9152950d210f", "indicator--592bd026-4718-4196-9389-9001950d210f", "observed-data--592bd027-0660-4735-a618-915f950d210f", "network-traffic--592bd027-0660-4735-a618-915f950d210f", "ipv4-addr--592bd027-0660-4735-a618-915f950d210f", "indicator--592bd028-dd30-4910-8444-915b950d210f", "indicator--592bd028-37e4-480e-86ec-9062950d210f", "observed-data--592bd029-c7c8-455c-9bd1-9153950d210f", "network-traffic--592bd029-c7c8-455c-9bd1-9153950d210f", "ipv4-addr--592bd029-c7c8-455c-9bd1-9153950d210f", "indicator--592bd02a-e2a4-472f-962e-7e4b950d210f", "indicator--592bd02a-4b28-4355-93d6-9168950d210f", "observed-data--592bd02b-cf20-4835-83f2-7e48950d210f", "network-traffic--592bd02b-cf20-4835-83f2-7e48950d210f", "ipv4-addr--592bd02b-cf20-4835-83f2-7e48950d210f", "indicator--592bd02b-ba54-4da3-b671-9166950d210f", "indicator--592bd02c-cee0-4443-a01a-7e43950d210f", "observed-data--592bd02d-7288-4bd6-bdd8-9162950d210f", "network-traffic--592bd02d-7288-4bd6-bdd8-9162950d210f", "ipv4-addr--592bd02d-7288-4bd6-bdd8-9162950d210f", "indicator--592bd02d-ebec-41e4-aa48-9165950d210f", "indicator--592bd02e-4614-4c74-98f1-9152950d210f", "observed-data--592bd02f-25f4-45af-9397-7e44950d210f", "network-traffic--592bd02f-25f4-45af-9397-7e44950d210f", "ipv4-addr--592bd02f-25f4-45af-9397-7e44950d210f", "indicator--592bd02f-9714-4930-8d2e-915f950d210f", "indicator--592bd030-e18c-4f98-b560-9153950d210f", "observed-data--592bd031-891c-41a9-b3f2-9168950d210f", "network-traffic--592bd031-891c-41a9-b3f2-9168950d210f", "ipv4-addr--592bd031-891c-41a9-b3f2-9168950d210f", "indicator--592bd031-a7e8-4e40-a772-7e43950d210f", "indicator--592bd032-572c-42b0-9113-9165950d210f", "observed-data--592bd033-897c-4ae0-9ba7-9152950d210f", "network-traffic--592bd033-897c-4ae0-9ba7-9152950d210f", "ipv4-addr--592bd033-897c-4ae0-9ba7-9152950d210f", "indicator--592bd033-e168-4f14-936d-915b950d210f", "indicator--592bd034-e258-4043-8cc1-915f950d210f", "observed-data--592bd034-f1ec-4b58-8bcb-9001950d210f", "network-traffic--592bd034-f1ec-4b58-8bcb-9001950d210f", "ipv4-addr--592bd034-f1ec-4b58-8bcb-9001950d210f", "indicator--592bd035-8b44-41de-8571-7e4b950d210f", "indicator--592bd036-ae58-4a14-be4c-9153950d210f", "observed-data--592bd036-4758-4970-a155-7e48950d210f", "network-traffic--592bd036-4758-4970-a155-7e48950d210f", "ipv4-addr--592bd036-4758-4970-a155-7e48950d210f", "indicator--592bd037-f4b4-4c59-92e5-9168950d210f", "indicator--592bd037-9040-45bd-8034-9166950d210f", "observed-data--592bd038-36f8-4823-be5c-9162950d210f", "network-traffic--592bd038-36f8-4823-be5c-9162950d210f", "ipv4-addr--592bd038-36f8-4823-be5c-9162950d210f", "indicator--592bd039-3cf4-4666-aa04-7e43950d210f", "indicator--592bd03a-a600-4053-8555-915f950d210f", "observed-data--592bd03a-59e8-4a69-abf4-9001950d210f", "network-traffic--592bd03a-59e8-4a69-abf4-9001950d210f", "ipv4-addr--592bd03a-59e8-4a69-abf4-9001950d210f", "indicator--592bd03b-8690-4601-b39a-7e4b950d210f", "indicator--592bd03c-e888-4f5a-a4b9-9153950d210f", "observed-data--592bd03c-0308-42f5-9522-7e48950d210f", "network-traffic--592bd03c-0308-42f5-9522-7e48950d210f", "ipv4-addr--592bd03c-0308-42f5-9522-7e48950d210f", "indicator--592bd03d-12e4-4618-852a-9168950d210f", "indicator--592bd03e-ed90-42ee-ab41-9162950d210f", "observed-data--592bd03e-3948-4acc-bc18-9062950d210f", "network-traffic--592bd03e-3948-4acc-bc18-9062950d210f", "ipv4-addr--592bd03e-3948-4acc-bc18-9062950d210f", "indicator--592bd03f-87cc-4fec-8672-7e43950d210f", "indicator--592bd03f-7714-4c19-b064-9155950d210f", "indicator--592bd040-8950-4cbf-bd51-915f950d210f", "indicator--592bd041-adf0-452d-894c-9001950d210f", "observed-data--592bd041-fa88-4902-bc22-7e4b950d210f", "network-traffic--592bd041-fa88-4902-bc22-7e4b950d210f", "ipv4-addr--592bd041-fa88-4902-bc22-7e4b950d210f", "observed-data--592bd042-3970-437d-aeb5-7e48950d210f", "network-traffic--592bd042-3970-437d-aeb5-7e48950d210f", "ipv4-addr--592bd042-3970-437d-aeb5-7e48950d210f", "indicator--592bd042-ada8-40fd-9b86-9168950d210f", "observed-data--592bd044-5534-4ade-8b27-9151950d210f", "network-traffic--592bd044-5534-4ade-8b27-9151950d210f", "ipv4-addr--592bd044-5534-4ade-8b27-9151950d210f", "indicator--592bd047-6020-4d3d-a031-9165950d210f", "indicator--592bd049-e008-43fb-b0ca-9151950d210f" ], "labels": [ "Threat-Report", "misp:tool=\"MISP-STIX-Converter\"" ], "object_marking_refs": [ "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--592bd022-6ff0-4183-9fc9-7e4b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:14.000Z", "modified": "2017-05-29T07:39:14.000Z", "pattern": "[file:hashes.SHA1 = 'f79fbe26abff1e3a2b3f3a21480196afc09d13b1']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-29T07:39:14Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--592bd023-4e8c-4554-b9d8-9168950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:15.000Z", "modified": "2017-05-29T07:39:15.000Z", "pattern": "[file:hashes.SHA1 = '39f5fb49ec3c0e011a5c6ad4b7ac60bcf49af05a']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-29T07:39:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--592bd023-b790-435e-a8d4-7e48950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:15.000Z", "modified": "2017-05-29T07:39:15.000Z", "pattern": "[file:hashes.SHA1 = '02a76d86db0cbe79fcaf1a500630e24d961fa149']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-29T07:39:15Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--592bd024-a310-412f-a544-9166950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:16.000Z", "modified": "2017-05-29T07:39:16.000Z", "pattern": "[file:hashes.SHA1 = '82bb44dd3b7f42b90494294b32f8413a39cb2030']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-29T07:39:16Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Artifacts dropped" } ], "labels": [ "misp:type=\"sha1\"", "misp:category=\"Artifacts dropped\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--592bd025-8414-4c0c-b00b-9152950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:17.000Z", "modified": "2017-05-29T07:39:17.000Z", "pattern": "[url:value = 'http://download.asustor.com/download/docs/releasenotes/RN_ADM_2.7.3.RHQ3.pdf']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-29T07:39:17Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--592bd026-4718-4196-9389-9001950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:18.000Z", "modified": "2017-05-29T07:39:18.000Z", "pattern": "[domain-name:value = 'download.asustor.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-29T07:39:18Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--592bd027-0660-4735-a618-915f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:19.000Z", "modified": "2017-05-29T07:39:19.000Z", "first_observed": "2017-05-29T07:39:19Z", "last_observed": "2017-05-29T07:39:19Z", "number_observed": 1, "object_refs": [ "network-traffic--592bd027-0660-4735-a618-915f950d210f", "ipv4-addr--592bd027-0660-4735-a618-915f950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--592bd027-0660-4735-a618-915f950d210f", "dst_ref": "ipv4-addr--592bd027-0660-4735-a618-915f950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--592bd027-0660-4735-a618-915f950d210f", "value": "54.231.40.155" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--592bd028-dd30-4910-8444-915b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:20.000Z", "modified": "2017-05-29T07:39:20.000Z", "pattern": "[url:value = 'https://security-tracker.debian.org/tracker/CVE-2017-7494']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-29T07:39:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--592bd028-37e4-480e-86ec-9062950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:20.000Z", "modified": "2017-05-29T07:39:20.000Z", "pattern": "[domain-name:value = 'security-tracker.debian.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-29T07:39:20Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--592bd029-c7c8-455c-9bd1-9153950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:21.000Z", "modified": "2017-05-29T07:39:21.000Z", "first_observed": "2017-05-29T07:39:21Z", "last_observed": "2017-05-29T07:39:21Z", "number_observed": 1, "object_refs": [ "network-traffic--592bd029-c7c8-455c-9bd1-9153950d210f", "ipv4-addr--592bd029-c7c8-455c-9bd1-9153950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--592bd029-c7c8-455c-9bd1-9153950d210f", "dst_ref": "ipv4-addr--592bd029-c7c8-455c-9bd1-9153950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--592bd029-c7c8-455c-9bd1-9153950d210f", "value": "128.31.0.67" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--592bd02a-e2a4-472f-962e-7e4b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:22.000Z", "modified": "2017-05-29T07:39:22.000Z", "pattern": "[url:value = 'https://bugs.freenas.org/issues/24162']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-29T07:39:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--592bd02a-4b28-4355-93d6-9168950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:22.000Z", "modified": "2017-05-29T07:39:22.000Z", "pattern": "[domain-name:value = 'bugs.freenas.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-29T07:39:22Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--592bd02b-cf20-4835-83f2-7e48950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:23.000Z", "modified": "2017-05-29T07:39:23.000Z", "first_observed": "2017-05-29T07:39:23Z", "last_observed": "2017-05-29T07:39:23Z", "number_observed": 1, "object_refs": [ "network-traffic--592bd02b-cf20-4835-83f2-7e48950d210f", "ipv4-addr--592bd02b-cf20-4835-83f2-7e48950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--592bd02b-cf20-4835-83f2-7e48950d210f", "dst_ref": "ipv4-addr--592bd02b-cf20-4835-83f2-7e48950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--592bd02b-cf20-4835-83f2-7e48950d210f", "value": "64.62.136.47" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--592bd02b-ba54-4da3-b671-9166950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:23.000Z", "modified": "2017-05-29T07:39:23.000Z", "pattern": "[url:value = 'https://kb.netgear.com/000038779/Security-Advisory-for-CVE-2017-7494-Samba-Remote-Code-Execution']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-29T07:39:23Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--592bd02c-cee0-4443-a01a-7e43950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:24.000Z", "modified": "2017-05-29T07:39:24.000Z", "pattern": "[domain-name:value = 'kb.netgear.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-29T07:39:24Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--592bd02d-7288-4bd6-bdd8-9162950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:25.000Z", "modified": "2017-05-29T07:39:25.000Z", "first_observed": "2017-05-29T07:39:25Z", "last_observed": "2017-05-29T07:39:25Z", "number_observed": 1, "object_refs": [ "network-traffic--592bd02d-7288-4bd6-bdd8-9162950d210f", "ipv4-addr--592bd02d-7288-4bd6-bdd8-9162950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--592bd02d-7288-4bd6-bdd8-9162950d210f", "dst_ref": "ipv4-addr--592bd02d-7288-4bd6-bdd8-9162950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--592bd02d-7288-4bd6-bdd8-9162950d210f", "value": "136.146.13.27" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--592bd02d-ebec-41e4-aa48-9165950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:25.000Z", "modified": "2017-05-29T07:39:25.000Z", "pattern": "[url:value = 'https://access.redhat.com/security/cve/CVE-2017-7494']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-29T07:39:25Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--592bd02e-4614-4c74-98f1-9152950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:26.000Z", "modified": "2017-05-29T07:39:26.000Z", "pattern": "[domain-name:value = 'access.redhat.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-29T07:39:26Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--592bd02f-25f4-45af-9397-7e44950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:27.000Z", "modified": "2017-05-29T07:39:27.000Z", "first_observed": "2017-05-29T07:39:27Z", "last_observed": "2017-05-29T07:39:27Z", "number_observed": 1, "object_refs": [ "network-traffic--592bd02f-25f4-45af-9397-7e44950d210f", "ipv4-addr--592bd02f-25f4-45af-9397-7e44950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--592bd02f-25f4-45af-9397-7e44950d210f", "dst_ref": "ipv4-addr--592bd02f-25f4-45af-9397-7e44950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--592bd02f-25f4-45af-9397-7e44950d210f", "value": "184.25.247.203" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--592bd02f-9714-4930-8d2e-915f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:27.000Z", "modified": "2017-05-29T07:39:27.000Z", "pattern": "[url:value = 'https://www.suse.com/security/cve/CVE-2017-7494/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-29T07:39:27Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--592bd030-e18c-4f98-b560-9153950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:28.000Z", "modified": "2017-05-29T07:39:28.000Z", "pattern": "[domain-name:value = 'www.suse.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-29T07:39:28Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--592bd031-891c-41a9-b3f2-9168950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:29.000Z", "modified": "2017-05-29T07:39:29.000Z", "first_observed": "2017-05-29T07:39:29Z", "last_observed": "2017-05-29T07:39:29Z", "number_observed": 1, "object_refs": [ "network-traffic--592bd031-891c-41a9-b3f2-9168950d210f", "ipv4-addr--592bd031-891c-41a9-b3f2-9168950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--592bd031-891c-41a9-b3f2-9168950d210f", "dst_ref": "ipv4-addr--592bd031-891c-41a9-b3f2-9168950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--592bd031-891c-41a9-b3f2-9168950d210f", "value": "130.57.66.10" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--592bd031-a7e8-4e40-a772-7e43950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:29.000Z", "modified": "2017-05-29T07:39:29.000Z", "pattern": "[url:value = 'https://www.synology.com/en-global/support/security/Important_Information_Regarding_Samba_Vulnerability_CVE_2017_7494']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-29T07:39:29Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--592bd032-572c-42b0-9113-9165950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:30.000Z", "modified": "2017-05-29T07:39:30.000Z", "pattern": "[domain-name:value = 'www.synology.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-29T07:39:30Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--592bd033-897c-4ae0-9ba7-9152950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:31.000Z", "modified": "2017-05-29T07:39:31.000Z", "first_observed": "2017-05-29T07:39:31Z", "last_observed": "2017-05-29T07:39:31Z", "number_observed": 1, "object_refs": [ "network-traffic--592bd033-897c-4ae0-9ba7-9152950d210f", "ipv4-addr--592bd033-897c-4ae0-9ba7-9152950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--592bd033-897c-4ae0-9ba7-9152950d210f", "dst_ref": "ipv4-addr--592bd033-897c-4ae0-9ba7-9152950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--592bd033-897c-4ae0-9ba7-9152950d210f", "value": "52.222.231.55" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--592bd033-e168-4f14-936d-915b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:31.000Z", "modified": "2017-05-29T07:39:31.000Z", "pattern": "[url:value = 'https://forum.qnap.com/viewtopic.php?f=5&t=132991']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-29T07:39:31Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--592bd034-e258-4043-8cc1-915f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:32.000Z", "modified": "2017-05-29T07:39:32.000Z", "pattern": "[domain-name:value = 'forum.qnap.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-29T07:39:32Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--592bd034-f1ec-4b58-8bcb-9001950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:32.000Z", "modified": "2017-05-29T07:39:32.000Z", "first_observed": "2017-05-29T07:39:32Z", "last_observed": "2017-05-29T07:39:32Z", "number_observed": 1, "object_refs": [ "network-traffic--592bd034-f1ec-4b58-8bcb-9001950d210f", "ipv4-addr--592bd034-f1ec-4b58-8bcb-9001950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--592bd034-f1ec-4b58-8bcb-9001950d210f", "dst_ref": "ipv4-addr--592bd034-f1ec-4b58-8bcb-9001950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--592bd034-f1ec-4b58-8bcb-9001950d210f", "value": "211.21.125.36" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--592bd035-8b44-41de-8571-7e4b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:33.000Z", "modified": "2017-05-29T07:39:33.000Z", "pattern": "[url:value = 'https://people.canonical.com/~ubuntu-security/cve/2017/CVE-2017-7494.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-29T07:39:33Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--592bd036-ae58-4a14-be4c-9153950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:34.000Z", "modified": "2017-05-29T07:39:34.000Z", "pattern": "[domain-name:value = 'people.canonical.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-29T07:39:34Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--592bd036-4758-4970-a155-7e48950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:34.000Z", "modified": "2017-05-29T07:39:34.000Z", "first_observed": "2017-05-29T07:39:34Z", "last_observed": "2017-05-29T07:39:34Z", "number_observed": 1, "object_refs": [ "network-traffic--592bd036-4758-4970-a155-7e48950d210f", "ipv4-addr--592bd036-4758-4970-a155-7e48950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--592bd036-4758-4970-a155-7e48950d210f", "dst_ref": "ipv4-addr--592bd036-4758-4970-a155-7e48950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--592bd036-4758-4970-a155-7e48950d210f", "value": "91.189.89.62" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--592bd037-f4b4-4c59-92e5-9168950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:35.000Z", "modified": "2017-05-29T07:39:35.000Z", "pattern": "[url:value = 'https://www.ubuntu.com/usn/usn-3296-2/']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-29T07:39:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--592bd037-9040-45bd-8034-9166950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:35.000Z", "modified": "2017-05-29T07:39:35.000Z", "pattern": "[domain-name:value = 'www.ubuntu.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-29T07:39:35Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--592bd038-36f8-4823-be5c-9162950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:36.000Z", "modified": "2017-05-29T07:39:36.000Z", "first_observed": "2017-05-29T07:39:36Z", "last_observed": "2017-05-29T07:39:36Z", "number_observed": 1, "object_refs": [ "network-traffic--592bd038-36f8-4823-be5c-9162950d210f", "ipv4-addr--592bd038-36f8-4823-be5c-9162950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--592bd038-36f8-4823-be5c-9162950d210f", "dst_ref": "ipv4-addr--592bd038-36f8-4823-be5c-9162950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--592bd038-36f8-4823-be5c-9162950d210f", "value": "91.189.89.110" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--592bd039-3cf4-4666-aa04-7e43950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:37.000Z", "modified": "2017-05-29T07:39:37.000Z", "pattern": "[url:value = 'https://git.samba.org/?p=samba.git;a=blobdiff;f=source3/rpc_server/srv_pipe.c;h=f79fbe26abff1e3a2b3f3a21480196afc09d13b1;hp=39f5fb49ec3c0e011a5c6ad4b7ac60bcf49af05a;hb=02a76d86db0cbe79fcaf1a500630e24d961fa149;hpb=82bb44dd3b7f42b90494294b32f8413a39cb2030']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-29T07:39:37Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--592bd03a-a600-4053-8555-915f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:38.000Z", "modified": "2017-05-29T07:39:38.000Z", "pattern": "[domain-name:value = 'git.samba.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-29T07:39:38Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--592bd03a-59e8-4a69-abf4-9001950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:38.000Z", "modified": "2017-05-29T07:39:38.000Z", "first_observed": "2017-05-29T07:39:38Z", "last_observed": "2017-05-29T07:39:38Z", "number_observed": 1, "object_refs": [ "network-traffic--592bd03a-59e8-4a69-abf4-9001950d210f", "ipv4-addr--592bd03a-59e8-4a69-abf4-9001950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--592bd03a-59e8-4a69-abf4-9001950d210f", "dst_ref": "ipv4-addr--592bd03a-59e8-4a69-abf4-9001950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--592bd03a-59e8-4a69-abf4-9001950d210f", "value": "193.175.80.230" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--592bd03b-8690-4601-b39a-7e4b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:39.000Z", "modified": "2017-05-29T07:39:39.000Z", "pattern": "[url:value = 'http://nmap.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-29T07:39:39Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--592bd03c-e888-4f5a-a4b9-9153950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:40.000Z", "modified": "2017-05-29T07:39:40.000Z", "pattern": "[domain-name:value = 'nmap.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-29T07:39:40Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--592bd03c-0308-42f5-9522-7e48950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:40.000Z", "modified": "2017-05-29T07:39:40.000Z", "first_observed": "2017-05-29T07:39:40Z", "last_observed": "2017-05-29T07:39:40Z", "number_observed": 1, "object_refs": [ "network-traffic--592bd03c-0308-42f5-9522-7e48950d210f", "ipv4-addr--592bd03c-0308-42f5-9522-7e48950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--592bd03c-0308-42f5-9522-7e48950d210f", "dst_ref": "ipv4-addr--592bd03c-0308-42f5-9522-7e48950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--592bd03c-0308-42f5-9522-7e48950d210f", "value": "45.33.49.119" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--592bd03d-12e4-4618-852a-9168950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:41.000Z", "modified": "2017-05-29T07:39:41.000Z", "pattern": "[url:value = 'samba.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-29T07:39:41Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--592bd03e-ed90-42ee-ab41-9162950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:42.000Z", "modified": "2017-05-29T07:39:42.000Z", "pattern": "[domain-name:value = 'samba.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-29T07:39:42Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--592bd03e-3948-4acc-bc18-9062950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:42.000Z", "modified": "2017-05-29T07:39:42.000Z", "first_observed": "2017-05-29T07:39:42Z", "last_observed": "2017-05-29T07:39:42Z", "number_observed": 1, "object_refs": [ "network-traffic--592bd03e-3948-4acc-bc18-9062950d210f", "ipv4-addr--592bd03e-3948-4acc-bc18-9062950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--592bd03e-3948-4acc-bc18-9062950d210f", "dst_ref": "ipv4-addr--592bd03e-3948-4acc-bc18-9062950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--592bd03e-3948-4acc-bc18-9062950d210f", "value": "144.76.82.156" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--592bd03f-87cc-4fec-8672-7e43950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:43.000Z", "modified": "2017-05-29T07:39:43.000Z", "pattern": "[url:value = 'https://www.samba.org/samba/security/CVE-2017-7494.html']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-29T07:39:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--592bd03f-7714-4c19-b064-9155950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:43.000Z", "modified": "2017-05-29T07:39:43.000Z", "pattern": "[domain-name:value = 'www.samba.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-29T07:39:43Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--592bd040-8950-4cbf-bd51-915f950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:44.000Z", "modified": "2017-05-29T07:39:44.000Z", "pattern": "[url:value = 'https://github.com/rapid7/metasploit-framework/pull/8450']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-29T07:39:44Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--592bd041-adf0-452d-894c-9001950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:45.000Z", "modified": "2017-05-29T07:39:45.000Z", "pattern": "[domain-name:value = 'github.com']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-29T07:39:45Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"hostname\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--592bd041-fa88-4902-bc22-7e4b950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:45.000Z", "modified": "2017-05-29T07:39:45.000Z", "first_observed": "2017-05-29T07:39:45Z", "last_observed": "2017-05-29T07:39:45Z", "number_observed": 1, "object_refs": [ "network-traffic--592bd041-fa88-4902-bc22-7e4b950d210f", "ipv4-addr--592bd041-fa88-4902-bc22-7e4b950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--592bd041-fa88-4902-bc22-7e4b950d210f", "dst_ref": "ipv4-addr--592bd041-fa88-4902-bc22-7e4b950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--592bd041-fa88-4902-bc22-7e4b950d210f", "value": "192.30.253.112" }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--592bd042-3970-437d-aeb5-7e48950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:46.000Z", "modified": "2017-05-29T07:39:46.000Z", "first_observed": "2017-05-29T07:39:46Z", "last_observed": "2017-05-29T07:39:46Z", "number_observed": 1, "object_refs": [ "network-traffic--592bd042-3970-437d-aeb5-7e48950d210f", "ipv4-addr--592bd042-3970-437d-aeb5-7e48950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--592bd042-3970-437d-aeb5-7e48950d210f", "dst_ref": "ipv4-addr--592bd042-3970-437d-aeb5-7e48950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--592bd042-3970-437d-aeb5-7e48950d210f", "value": "192.30.253.113" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--592bd042-ada8-40fd-9b86-9168950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:46.000Z", "modified": "2017-05-29T07:39:46.000Z", "pattern": "[url:value = 'https://github.com/opsxcq/exploit-CVE-2017-7494']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-29T07:39:46Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "observed-data", "spec_version": "2.1", "id": "observed-data--592bd044-5534-4ade-8b27-9151950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:48.000Z", "modified": "2017-05-29T07:39:48.000Z", "first_observed": "2017-05-29T07:39:48Z", "last_observed": "2017-05-29T07:39:48Z", "number_observed": 1, "object_refs": [ "network-traffic--592bd044-5534-4ade-8b27-9151950d210f", "ipv4-addr--592bd044-5534-4ade-8b27-9151950d210f" ], "labels": [ "misp:type=\"ip-dst\"", "misp:category=\"Network activity\"" ] }, { "type": "network-traffic", "spec_version": "2.1", "id": "network-traffic--592bd044-5534-4ade-8b27-9151950d210f", "dst_ref": "ipv4-addr--592bd044-5534-4ade-8b27-9151950d210f", "protocols": [ "tcp" ] }, { "type": "ipv4-addr", "spec_version": "2.1", "id": "ipv4-addr--592bd044-5534-4ade-8b27-9151950d210f", "value": "54.231.98.96" }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--592bd047-6020-4d3d-a031-9165950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:51.000Z", "modified": "2017-05-29T07:39:51.000Z", "pattern": "[url:value = 'https://forum.qnap.com/viewtopic.php?f=5&t=132991']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-29T07:39:51Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "indicator", "spec_version": "2.1", "id": "indicator--592bd049-e008-43fb-b0ca-9151950d210f", "created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f", "created": "2017-05-29T07:39:53.000Z", "modified": "2017-05-29T07:39:53.000Z", "pattern": "[url:value = 'http://samba.org']", "pattern_type": "stix", "pattern_version": "2.1", "valid_from": "2017-05-29T07:39:53Z", "kill_chain_phases": [ { "kill_chain_name": "misp-category", "phase_name": "Network activity" } ], "labels": [ "misp:type=\"url\"", "misp:category=\"Network activity\"", "misp:to_ids=\"True\"" ] }, { "type": "marking-definition", "spec_version": "2.1", "id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9", "created": "2017-01-20T00:00:00.000Z", "definition_type": "tlp", "name": "TLP:WHITE", "definition": { "tlp": "white" } } ] }