3070 lines
No EOL
126 KiB
JSON
3070 lines
No EOL
126 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--546bba61-69d0-4c0e-8066-4942950d210b",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:47:56.000Z",
|
|
"modified": "2014-11-18T21:47:56.000Z",
|
|
"name": "CthulhuSPRL.be",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--546bba61-69d0-4c0e-8066-4942950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:47:56.000Z",
|
|
"modified": "2014-11-18T21:47:56.000Z",
|
|
"name": "OSINT ScanBox framework \u00e2\u20ac\u201c who\u00e2\u20ac\u2122s affected, and who\u00e2\u20ac\u2122s using it? by PWC",
|
|
"published": "2016-02-22T14:24:04Z",
|
|
"object_refs": [
|
|
"observed-data--546bba6b-9a8c-4bf5-89d1-f2ea950d210b",
|
|
"url--546bba6b-9a8c-4bf5-89d1-f2ea950d210b",
|
|
"x-misp-attribute--546bba76-3cc8-4b33-9dfe-4606950d210b",
|
|
"indicator--546bbb3e-4368-4df5-9ac8-c1e7950d210b",
|
|
"indicator--546bbb3e-8954-4180-949f-c1e7950d210b",
|
|
"indicator--546bbb3e-ce9c-4de3-b97a-c1e7950d210b",
|
|
"indicator--546bbb3e-ee6c-4306-a2fa-c1e7950d210b",
|
|
"indicator--546bbcc4-7f98-47cd-bd6f-f2ea950d210b",
|
|
"indicator--546bbcc4-432c-4bf0-9de9-f2ea950d210b",
|
|
"indicator--546bbcc4-20c4-4db3-80c2-f2ea950d210b",
|
|
"indicator--546bbcc4-7060-4d50-a1c3-f2ea950d210b",
|
|
"indicator--546bbcc4-0054-49a2-b302-f2ea950d210b",
|
|
"indicator--546bbcc4-3404-4f9a-9be1-f2ea950d210b",
|
|
"indicator--546bbcc4-6ad4-4729-bc19-f2ea950d210b",
|
|
"indicator--546bbcc4-8698-46a1-ad1d-f2ea950d210b",
|
|
"indicator--546bbcc4-4268-4365-a097-f2ea950d210b",
|
|
"indicator--546bbcc4-bccc-4495-9216-f2ea950d210b",
|
|
"indicator--546bbcc4-dc2c-43ea-9eed-f2ea950d210b",
|
|
"indicator--546bbcc4-ec50-4d76-8c49-f2ea950d210b",
|
|
"indicator--546bbcc4-0e94-478d-94c4-f2ea950d210b",
|
|
"indicator--546bbcc4-3ccc-4472-992d-f2ea950d210b",
|
|
"indicator--546bbcc5-e058-44ce-935f-f2ea950d210b",
|
|
"indicator--546bbcc5-7f6c-4d20-8dd0-f2ea950d210b",
|
|
"indicator--546bbcc5-ad04-44ff-b103-f2ea950d210b",
|
|
"indicator--546bbcc5-57ec-447c-b898-f2ea950d210b",
|
|
"indicator--546bbcc5-ac40-409f-871d-f2ea950d210b",
|
|
"indicator--546bbcc5-fe4c-46e5-90eb-f2ea950d210b",
|
|
"indicator--546bbcc5-2270-4453-972e-f2ea950d210b",
|
|
"indicator--546bbcc5-48b0-430f-b8ae-f2ea950d210b",
|
|
"indicator--546bbcc5-2f78-4bbe-b20f-f2ea950d210b",
|
|
"indicator--546bbcc5-9a3c-45ce-8c7a-f2ea950d210b",
|
|
"indicator--546bbcc5-4a1c-4230-8080-f2ea950d210b",
|
|
"indicator--546bbcc5-3968-4998-a10e-f2ea950d210b",
|
|
"indicator--546bbcc5-0054-4e5b-b4e9-f2ea950d210b",
|
|
"indicator--546bbcc5-e040-4cb5-b7b9-f2ea950d210b",
|
|
"indicator--546bbcc5-c16c-4b4a-9c65-f2ea950d210b",
|
|
"indicator--546bbcc5-631c-4c8b-9b12-f2ea950d210b",
|
|
"x-misp-attribute--546bbce2-d558-4d16-936a-40b5950d210b",
|
|
"indicator--546bbcf6-4424-45e3-8311-c1e7950d210b",
|
|
"indicator--546bbcf6-c62c-4f4e-ba03-c1e7950d210b",
|
|
"indicator--546bbcf6-fc9c-41ae-a644-c1e7950d210b",
|
|
"indicator--546bbcf7-ef90-4599-83e3-c1e7950d210b",
|
|
"indicator--546bbcf7-5688-4d06-a32a-c1e7950d210b",
|
|
"x-misp-attribute--546bbd4e-8f78-4624-94a5-4549950d210b",
|
|
"x-misp-attribute--546bbd4e-a0c8-4f0f-8907-4b0e950d210b",
|
|
"x-misp-attribute--546bbd4e-acc4-48dd-9b77-4d9a950d210b",
|
|
"x-misp-attribute--546bbd4e-8ab4-4cd7-bf2f-4bb9950d210b",
|
|
"x-misp-attribute--546bbd4e-ccb0-4125-934c-4d79950d210b",
|
|
"x-misp-attribute--546bbd4e-f8f8-4b00-9d87-4fb6950d210b",
|
|
"x-misp-attribute--546bbd4e-1e74-4c4e-9270-438a950d210b",
|
|
"x-misp-attribute--546bbd4e-11f0-4f71-8e09-484c950d210b",
|
|
"indicator--546bbdd9-cfe4-4981-a196-427b950d210b",
|
|
"indicator--546bbdd9-3350-4dcd-a976-4613950d210b",
|
|
"indicator--546bbdd9-105c-45b3-8d3d-44f4950d210b",
|
|
"indicator--546bbdd9-a580-4fc3-9500-40ab950d210b",
|
|
"indicator--546bbdd9-77c8-4316-80b3-443f950d210b",
|
|
"indicator--546bbdd9-42c0-41ab-8658-4651950d210b",
|
|
"indicator--546bbdd9-cf38-4e46-b166-4361950d210b",
|
|
"indicator--546bbdd9-09e8-441e-8ce3-43ca950d210b",
|
|
"indicator--546bbdda-39c8-4b05-82f6-4974950d210b",
|
|
"indicator--546bbdda-3ce8-4279-a9d8-4c0b950d210b",
|
|
"indicator--546bbdda-d4a4-43cd-a0d7-42b1950d210b",
|
|
"indicator--546bbdda-7a08-4763-a01e-40e6950d210b",
|
|
"indicator--546bbdda-3610-4dca-ae68-482e950d210b",
|
|
"indicator--546bbdf4-7fd4-4468-8b42-48d8950d210b",
|
|
"indicator--546bbdf4-58bc-4c7f-9c82-42cf950d210b",
|
|
"indicator--546bbdf4-a8d4-41c5-9605-4022950d210b",
|
|
"indicator--546bbdf4-738c-4064-a280-4610950d210b",
|
|
"indicator--546bbdf4-78b8-4695-ba4b-46a3950d210b",
|
|
"indicator--546bbdf5-d00c-488f-9f54-488b950d210b",
|
|
"indicator--546bbdf5-8da8-431a-8e6d-4cab950d210b",
|
|
"indicator--546bbdf5-69b8-4be7-a1d7-4b7a950d210b",
|
|
"indicator--546bbdf5-4f44-4b35-8668-47b7950d210b",
|
|
"indicator--546bbdf5-3e18-40da-814d-47c1950d210b",
|
|
"indicator--546bbdf5-c948-4282-9089-4833950d210b",
|
|
"indicator--546bbdf5-25d0-487f-9cd1-4f32950d210b",
|
|
"indicator--546bbdf5-83fc-4077-a35d-4319950d210b",
|
|
"indicator--546bbdf5-e768-4f05-ad93-4a80950d210b",
|
|
"indicator--546bbdf5-decc-4e66-a846-4887950d210b",
|
|
"indicator--546bbdf5-62d0-4e9f-8e06-45d9950d210b",
|
|
"indicator--546bbdf5-93f4-440e-aeb1-4a9f950d210b",
|
|
"indicator--546bbdf5-36f4-4098-8327-4437950d210b",
|
|
"indicator--546bbdf5-9568-4717-8c9a-46b9950d210b",
|
|
"indicator--546bbdf5-c33c-4cc2-addd-4476950d210b",
|
|
"indicator--546bbdf5-6210-425a-87cc-4bc5950d210b",
|
|
"indicator--546bbdf6-57a8-4218-bc08-4746950d210b",
|
|
"indicator--546bbdf6-7190-4839-a303-4142950d210b",
|
|
"indicator--546bbdf6-d510-4776-bc3f-42c3950d210b",
|
|
"indicator--546bbdf6-edb4-415a-be1b-45f3950d210b",
|
|
"indicator--546bbdf6-e4ac-470f-85f8-4522950d210b",
|
|
"indicator--546bbdf6-7df8-405b-a3a5-4b20950d210b",
|
|
"indicator--546bbdf6-5c80-480d-a5e5-4de5950d210b",
|
|
"indicator--546bbdf6-60a4-4ec3-a5a9-4ea3950d210b",
|
|
"indicator--546bbdf6-fff0-4482-8e4e-4aa8950d210b",
|
|
"indicator--546bbdf6-0988-4b57-9817-409d950d210b",
|
|
"indicator--546bbdf6-f7b4-40b1-bf9b-4f19950d210b",
|
|
"indicator--546bbdf6-691c-414a-8a4a-4544950d210b",
|
|
"indicator--546bbdf6-cc5c-4130-8069-4b57950d210b",
|
|
"indicator--546bbdf6-9604-437e-b5a3-4c1a950d210b",
|
|
"indicator--546bbdf6-ad20-4d88-97b8-42ba950d210b",
|
|
"indicator--546bbdf6-ae10-4d34-b1b6-4f55950d210b",
|
|
"indicator--546bbdf6-5de8-407d-89c7-4981950d210b",
|
|
"indicator--546bbdf7-b6ec-4578-a13f-422d950d210b",
|
|
"indicator--546bbdf7-906c-47dd-9451-4022950d210b",
|
|
"indicator--546bbdf7-73c4-489e-9934-4af3950d210b",
|
|
"indicator--546bbdf7-e34c-4b8a-9f8b-46c7950d210b",
|
|
"indicator--546bbdf7-0b60-4dc1-9ad9-4f32950d210b",
|
|
"indicator--546bbdf7-dc60-4584-ae1e-4e4e950d210b",
|
|
"indicator--546bbdf7-e2f8-452a-920e-4de6950d210b",
|
|
"indicator--546bbdf7-8a14-4832-bf9d-4568950d210b",
|
|
"indicator--546bbdf7-4424-4ef2-8734-45ba950d210b",
|
|
"indicator--546bbdf7-fd88-4ffc-b261-484f950d210b",
|
|
"indicator--546bbdf7-a440-4b39-89ae-4136950d210b",
|
|
"indicator--546bbdf7-0cac-41d4-80b7-4dc7950d210b",
|
|
"indicator--546bbdf7-bddc-4690-b3cd-435f950d210b",
|
|
"indicator--546bbdf7-8f14-46eb-8eb9-4ca2950d210b",
|
|
"indicator--546bbdf7-e5e4-4414-a817-45ad950d210b",
|
|
"indicator--546bbe8c-2b00-4cd0-b6b0-467c950d210b",
|
|
"indicator--546bbe8c-af58-4742-808c-435c950d210b",
|
|
"indicator--546bbe8d-4bf4-4563-84f4-42a2950d210b",
|
|
"indicator--546bbe8d-fbb8-4283-a2b7-4755950d210b",
|
|
"indicator--546bbe8d-a95c-47dc-a98c-4d6d950d210b",
|
|
"indicator--546bbe8d-4934-48e1-9f52-4b0d950d210b",
|
|
"indicator--546bbe8d-461c-4be5-9121-45ff950d210b",
|
|
"indicator--56c645e3-80e8-4b89-bbbf-599e950d210f",
|
|
"indicator--56c645e5-ed90-41b7-98dc-59a0950d210f",
|
|
"indicator--56c645e7-596c-4636-bce9-59a3950d210f",
|
|
"indicator--56c645e4-8bec-477d-805a-44b8950d210f",
|
|
"indicator--56c645e6-a24c-4f4c-912a-599f950d210f",
|
|
"indicator--56c645e8-20e0-4063-8968-4832950d210f"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"type:OSINT"
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da"
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--546bba6b-9a8c-4bf5-89d1-f2ea950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:30:19.000Z",
|
|
"modified": "2014-11-18T21:30:19.000Z",
|
|
"first_observed": "2014-11-18T21:30:19Z",
|
|
"last_observed": "2014-11-18T21:30:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--546bba6b-9a8c-4bf5-89d1-f2ea950d210b"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--546bba6b-9a8c-4bf5-89d1-f2ea950d210b",
|
|
"value": "http://pwc.blogs.com/cyber_security_updates/2014/10/scanbox-framework-whos-affected-and-whos-using-it-1.html"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--546bba76-3cc8-4b33-9dfe-4606950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:30:30.000Z",
|
|
"modified": "2014-11-18T21:30:30.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"External analysis\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "Scanbox"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbb3e-4368-4df5-9ac8-c1e7950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:33:50.000Z",
|
|
"modified": "2014-11-18T21:33:50.000Z",
|
|
"pattern": "[domain-name:value = 'js.webmailgoogle.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:33:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbb3e-8954-4180-949f-c1e7950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:33:50.000Z",
|
|
"modified": "2014-11-18T21:33:50.000Z",
|
|
"pattern": "[domain-name:value = 'code.googlecaches.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:33:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbb3e-ce9c-4de3-b97a-c1e7950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:33:50.000Z",
|
|
"modified": "2014-11-18T21:33:50.000Z",
|
|
"pattern": "[domain-name:value = 'news.foundationssl.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:33:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbb3e-ee6c-4306-a2fa-c1e7950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:33:50.000Z",
|
|
"modified": "2014-11-18T21:33:50.000Z",
|
|
"pattern": "[domain-name:value = 'qoog1e.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:33:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbcc4-7f98-47cd-bd6f-f2ea950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:40:20.000Z",
|
|
"modified": "2014-11-18T21:40:20.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.246.247.246']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:40:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbcc4-432c-4bf0-9de9-f2ea950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:40:20.000Z",
|
|
"modified": "2014-11-18T21:40:20.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.255.61.114']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:40:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbcc4-20c4-4db3-80c2-f2ea950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:40:20.000Z",
|
|
"modified": "2014-11-18T21:40:20.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '103.255.61.39']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:40:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbcc4-7060-4d50-a1c3-f2ea950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:40:20.000Z",
|
|
"modified": "2014-11-18T21:40:20.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '113.10.201.124']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:40:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbcc4-0054-49a2-b302-f2ea950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:40:20.000Z",
|
|
"modified": "2014-11-18T21:40:20.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '118.193.153.201']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:40:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbcc4-3404-4f9a-9be1-f2ea950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:40:20.000Z",
|
|
"modified": "2014-11-18T21:40:20.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '122.10.10.210']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:40:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbcc4-6ad4-4729-bc19-f2ea950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:40:20.000Z",
|
|
"modified": "2014-11-18T21:40:20.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '122.10.9.109']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:40:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbcc4-8698-46a1-ad1d-f2ea950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:40:20.000Z",
|
|
"modified": "2014-11-18T21:40:20.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '123.108.111.209']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:40:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbcc4-4268-4365-a097-f2ea950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:40:20.000Z",
|
|
"modified": "2014-11-18T21:40:20.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '176.53.22.143']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:40:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbcc4-bccc-4495-9216-f2ea950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:40:20.000Z",
|
|
"modified": "2014-11-18T21:40:20.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '180.210.206.225']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:40:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbcc4-dc2c-43ea-9eed-f2ea950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:40:20.000Z",
|
|
"modified": "2014-11-18T21:40:20.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '184.22.163.121']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:40:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbcc4-ec50-4d76-8c49-f2ea950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:40:20.000Z",
|
|
"modified": "2014-11-18T21:40:20.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '184.82.123.222']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:40:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbcc4-0e94-478d-94c4-f2ea950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:40:20.000Z",
|
|
"modified": "2014-11-18T21:40:20.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '184.82.46.5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:40:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbcc4-3ccc-4472-992d-f2ea950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:40:20.000Z",
|
|
"modified": "2014-11-18T21:40:20.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.161.61.10']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:40:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbcc5-e058-44ce-935f-f2ea950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:40:21.000Z",
|
|
"modified": "2014-11-18T21:40:21.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '198.96.92.108']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:40:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbcc5-7f6c-4d20-8dd0-f2ea950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:40:21.000Z",
|
|
"modified": "2014-11-18T21:40:21.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '204.152.198.100']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:40:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbcc5-ad04-44ff-b103-f2ea950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:40:21.000Z",
|
|
"modified": "2014-11-18T21:40:21.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '210.0.176.21']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:40:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbcc5-57ec-447c-b898-f2ea950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:40:21.000Z",
|
|
"modified": "2014-11-18T21:40:21.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '210.0.176.23']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:40:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbcc5-ac40-409f-871d-f2ea950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:40:21.000Z",
|
|
"modified": "2014-11-18T21:40:21.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '210.209.127.114']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:40:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbcc5-fe4c-46e5-90eb-f2ea950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:40:21.000Z",
|
|
"modified": "2014-11-18T21:40:21.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '210.209.127.32']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:40:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbcc5-2270-4453-972e-f2ea950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:40:21.000Z",
|
|
"modified": "2014-11-18T21:40:21.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '210.209.127.39']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:40:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbcc5-48b0-430f-b8ae-f2ea950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:40:21.000Z",
|
|
"modified": "2014-11-18T21:40:21.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '210.209.127.53']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:40:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbcc5-2f78-4bbe-b20f-f2ea950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:40:21.000Z",
|
|
"modified": "2014-11-18T21:40:21.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '210.209.86.145']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:40:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbcc5-9a3c-45ce-8c7a-f2ea950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:40:21.000Z",
|
|
"modified": "2014-11-18T21:40:21.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '58.96.172.209']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:40:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbcc5-4a1c-4230-8080-f2ea950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:40:21.000Z",
|
|
"modified": "2014-11-18T21:40:21.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '66.197.231.62']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:40:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbcc5-3968-4998-a10e-f2ea950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:40:21.000Z",
|
|
"modified": "2014-11-18T21:40:21.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.197.146.80']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:40:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbcc5-0054-4e5b-b4e9-f2ea950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:40:21.000Z",
|
|
"modified": "2014-11-18T21:40:21.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.197.183.142']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:40:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbcc5-e040-4cb5-b7b9-f2ea950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:40:21.000Z",
|
|
"modified": "2014-11-18T21:40:21.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.197.183.152']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:40:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbcc5-c16c-4b4a-9c65-f2ea950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:40:21.000Z",
|
|
"modified": "2014-11-18T21:40:21.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.197.183.159']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:40:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbcc5-631c-4c8b-9b12-f2ea950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:40:21.000Z",
|
|
"modified": "2014-11-18T21:40:21.000Z",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '69.197.183.189']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:40:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--546bbce2-d558-4d16-936a-40b5950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:40:50.000Z",
|
|
"modified": "2014-11-18T21:40:50.000Z",
|
|
"labels": [
|
|
"misp:type=\"comment\"",
|
|
"misp:category=\"External analysis\""
|
|
],
|
|
"x_misp_category": "External analysis",
|
|
"x_misp_type": "comment",
|
|
"x_misp_value": "Data entered by David Andr\u00c3\u00a9"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbcf6-4424-45e3-8311-c1e7950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:41:10.000Z",
|
|
"modified": "2014-11-18T21:41:10.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'ef498ea09bf51b002fc7eb3dfd0d19d3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:41:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbcf6-c62c-4f4e-ba03-c1e7950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:41:10.000Z",
|
|
"modified": "2014-11-18T21:41:10.000Z",
|
|
"pattern": "[file:hashes.MD5 = '409ae279d7c44b11156318848ddb4a3f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:41:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbcf6-fc9c-41ae-a644-c1e7950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:41:10.000Z",
|
|
"modified": "2014-11-18T21:41:10.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9cf5523da799277a4d40881199eb8325']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:41:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbcf7-ef90-4599-83e3-c1e7950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:41:10.000Z",
|
|
"modified": "2014-11-18T21:41:10.000Z",
|
|
"pattern": "[file:hashes.MD5 = '9d1f8822b92ad3224db1c9ec89b529ca']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:41:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbcf7-5688-4d06-a32a-c1e7950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:41:11.000Z",
|
|
"modified": "2014-11-18T21:41:11.000Z",
|
|
"pattern": "[file:hashes.MD5 = 'be3a3daa7d0d11df2380d3401696624a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:41:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--546bbd4e-8f78-4624-94a5-4549950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:42:38.000Z",
|
|
"modified": "2014-11-18T21:42:38.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Attribution\""
|
|
],
|
|
"x_misp_category": "Attribution",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "james_boodle@yahoo.com"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--546bbd4e-a0c8-4f0f-8907-4b0e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:42:38.000Z",
|
|
"modified": "2014-11-18T21:42:38.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Attribution\""
|
|
],
|
|
"x_misp_category": "Attribution",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "li2384826402@yahoo.com"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--546bbd4e-acc4-48dd-9b77-4d9a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:42:38.000Z",
|
|
"modified": "2014-11-18T21:42:38.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Attribution\""
|
|
],
|
|
"x_misp_category": "Attribution",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "networkedu@hotmail.com"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--546bbd4e-8ab4-4cd7-bf2f-4bb9950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:42:38.000Z",
|
|
"modified": "2014-11-18T21:42:38.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Attribution\""
|
|
],
|
|
"x_misp_category": "Attribution",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "qinyz001@163.com"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--546bbd4e-ccb0-4125-934c-4d79950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:42:38.000Z",
|
|
"modified": "2014-11-18T21:42:38.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Attribution\""
|
|
],
|
|
"x_misp_category": "Attribution",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "some.trouble@yahoo.com"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--546bbd4e-f8f8-4b00-9d87-4fb6950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:42:38.000Z",
|
|
"modified": "2014-11-18T21:42:38.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Attribution\""
|
|
],
|
|
"x_misp_category": "Attribution",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "wangsongxu@gmail.com"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--546bbd4e-1e74-4c4e-9270-438a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:42:38.000Z",
|
|
"modified": "2014-11-18T21:42:38.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Attribution\""
|
|
],
|
|
"x_misp_category": "Attribution",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "xingyadi2008@gmail.com"
|
|
},
|
|
{
|
|
"type": "x-misp-attribute",
|
|
"spec_version": "2.1",
|
|
"id": "x-misp-attribute--546bbd4e-11f0-4f71-8e09-484c950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:42:38.000Z",
|
|
"modified": "2014-11-18T21:42:38.000Z",
|
|
"labels": [
|
|
"misp:type=\"text\"",
|
|
"misp:category=\"Attribution\""
|
|
],
|
|
"x_misp_category": "Attribution",
|
|
"x_misp_type": "text",
|
|
"x_misp_value": "yuming@yinsibaohu.aliyun.com"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdd9-cfe4-4981-a196-427b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:44:57.000Z",
|
|
"modified": "2014-11-18T21:44:57.000Z",
|
|
"pattern": "[domain-name:value = '9aaa.info']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:44:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdd9-3350-4dcd-a976-4613950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:44:57.000Z",
|
|
"modified": "2014-11-18T21:44:57.000Z",
|
|
"pattern": "[domain-name:value = 'educationel.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:44:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdd9-105c-45b3-8d3d-44f4950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:44:57.000Z",
|
|
"modified": "2014-11-18T21:44:57.000Z",
|
|
"pattern": "[domain-name:value = 'foundationssl.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:44:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdd9-a580-4fc3-9500-40ab950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:44:57.000Z",
|
|
"modified": "2014-11-18T21:44:57.000Z",
|
|
"pattern": "[domain-name:value = 'googlecaches.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:44:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdd9-77c8-4316-80b3-443f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:44:57.000Z",
|
|
"modified": "2014-11-18T21:44:57.000Z",
|
|
"pattern": "[domain-name:value = 'googlewebcache.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:44:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdd9-42c0-41ab-8658-4651950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:44:57.000Z",
|
|
"modified": "2014-11-18T21:44:57.000Z",
|
|
"pattern": "[domain-name:value = 'hudsononlinenews.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:44:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdd9-cf38-4e46-b166-4361950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:44:57.000Z",
|
|
"modified": "2014-11-18T21:44:57.000Z",
|
|
"pattern": "[domain-name:value = 'lifewalden.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:44:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdd9-09e8-441e-8ce3-43ca950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:44:57.000Z",
|
|
"modified": "2014-11-18T21:44:57.000Z",
|
|
"pattern": "[domain-name:value = 'mailaunch.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:44:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdda-39c8-4b05-82f6-4974950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:44:57.000Z",
|
|
"modified": "2014-11-18T21:44:57.000Z",
|
|
"pattern": "[domain-name:value = 'msdnblog.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:44:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdda-3ce8-4279-a9d8-4c0b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:44:58.000Z",
|
|
"modified": "2014-11-18T21:44:58.000Z",
|
|
"pattern": "[domain-name:value = 'outlookssl.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:44:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdda-d4a4-43cd-a0d7-42b1950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:44:58.000Z",
|
|
"modified": "2014-11-18T21:44:58.000Z",
|
|
"pattern": "[domain-name:value = 'qoog1e.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:44:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdda-7a08-4763-a01e-40e6950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:44:58.000Z",
|
|
"modified": "2014-11-18T21:44:58.000Z",
|
|
"pattern": "[domain-name:value = 'webmailgoogle.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:44:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdda-3610-4dca-ae68-482e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:44:58.000Z",
|
|
"modified": "2014-11-18T21:44:58.000Z",
|
|
"pattern": "[domain-name:value = 'windowsautoupdate.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:44:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf4-7fd4-4468-8b42-48d8950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:24.000Z",
|
|
"modified": "2014-11-18T21:45:24.000Z",
|
|
"pattern": "[domain-name:value = 'blog.mailaunch.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf4-58bc-4c7f-9c82-42cf950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:24.000Z",
|
|
"modified": "2014-11-18T21:45:24.000Z",
|
|
"pattern": "[domain-name:value = 'blog.msdnblog.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf4-a8d4-41c5-9605-4022950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:24.000Z",
|
|
"modified": "2014-11-18T21:45:24.000Z",
|
|
"pattern": "[domain-name:value = 'blogs.msdnblog.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf4-738c-4064-a280-4610950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:24.000Z",
|
|
"modified": "2014-11-18T21:45:24.000Z",
|
|
"pattern": "[domain-name:value = 'boxun.mailaunch.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf4-78b8-4695-ba4b-46a3950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:24.000Z",
|
|
"modified": "2014-11-18T21:45:24.000Z",
|
|
"pattern": "[domain-name:value = 'ccac.dyndns-web.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf5-d00c-488f-9f54-488b950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:25.000Z",
|
|
"modified": "2014-11-18T21:45:25.000Z",
|
|
"pattern": "[domain-name:value = 'dns.symantec-sync.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf5-8da8-431a-8e6d-4cab950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:25.000Z",
|
|
"modified": "2014-11-18T21:45:25.000Z",
|
|
"pattern": "[domain-name:value = 'download.msdnblog.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf5-69b8-4be7-a1d7-4b7a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:25.000Z",
|
|
"modified": "2014-11-18T21:45:25.000Z",
|
|
"pattern": "[domain-name:value = 'download.symantec-sync.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf5-4f44-4b35-8668-47b7950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:25.000Z",
|
|
"modified": "2014-11-18T21:45:25.000Z",
|
|
"pattern": "[domain-name:value = 'email.webmailgoogle.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf5-3e18-40da-814d-47c1950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:25.000Z",
|
|
"modified": "2014-11-18T21:45:25.000Z",
|
|
"pattern": "[domain-name:value = 'files.mailaunch.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf5-c948-4282-9089-4833950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:25.000Z",
|
|
"modified": "2014-11-18T21:45:25.000Z",
|
|
"pattern": "[domain-name:value = 'flash0day.4pu.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf5-25d0-487f-9cd1-4f32950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:25.000Z",
|
|
"modified": "2014-11-18T21:45:25.000Z",
|
|
"pattern": "[domain-name:value = 'flashplayer.proxydns.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf5-83fc-4077-a35d-4319950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:25.000Z",
|
|
"modified": "2014-11-18T21:45:25.000Z",
|
|
"pattern": "[domain-name:value = 'ftp.webmailgoogle.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf5-e768-4f05-ad93-4a80950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:25.000Z",
|
|
"modified": "2014-11-18T21:45:25.000Z",
|
|
"pattern": "[domain-name:value = 'googlebot1.dyndns-office.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf5-decc-4e66-a846-4887950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:25.000Z",
|
|
"modified": "2014-11-18T21:45:25.000Z",
|
|
"pattern": "[domain-name:value = 'googlebot5.dyndns-office.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf5-62d0-4e9f-8e06-45d9950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:25.000Z",
|
|
"modified": "2014-11-18T21:45:25.000Z",
|
|
"pattern": "[domain-name:value = 'image.googlecaches.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf5-93f4-440e-aeb1-4a9f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:25.000Z",
|
|
"modified": "2014-11-18T21:45:25.000Z",
|
|
"pattern": "[domain-name:value = 'image.symantec-sync.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf5-36f4-4098-8327-4437950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:25.000Z",
|
|
"modified": "2014-11-18T21:45:25.000Z",
|
|
"pattern": "[domain-name:value = 'images.googlewebcache.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf5-9568-4717-8c9a-46b9950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:25.000Z",
|
|
"modified": "2014-11-18T21:45:25.000Z",
|
|
"pattern": "[domain-name:value = 'imap.mailaunch.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf5-c33c-4cc2-addd-4476950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:25.000Z",
|
|
"modified": "2014-11-18T21:45:25.000Z",
|
|
"pattern": "[domain-name:value = 'inbox.mailaunch.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf5-6210-425a-87cc-4bc5950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:25.000Z",
|
|
"modified": "2014-11-18T21:45:25.000Z",
|
|
"pattern": "[domain-name:value = 'inbox.webmailgoogle.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf6-57a8-4218-bc08-4746950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:26.000Z",
|
|
"modified": "2014-11-18T21:45:26.000Z",
|
|
"pattern": "[domain-name:value = 'lenovocn.dyndns.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf6-7190-4839-a303-4142950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:26.000Z",
|
|
"modified": "2014-11-18T21:45:26.000Z",
|
|
"pattern": "[domain-name:value = 'mail.webmailgoogle.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf6-d510-4776-bc3f-42c3950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:26.000Z",
|
|
"modified": "2014-11-18T21:45:26.000Z",
|
|
"pattern": "[domain-name:value = 'news.educationel.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf6-edb4-415a-be1b-45f3950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:26.000Z",
|
|
"modified": "2014-11-18T21:45:26.000Z",
|
|
"pattern": "[domain-name:value = 'news.googlecaches.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf6-e4ac-470f-85f8-4522950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:26.000Z",
|
|
"modified": "2014-11-18T21:45:26.000Z",
|
|
"pattern": "[domain-name:value = 'news.mailaunch.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf6-7df8-405b-a3a5-4b20950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:26.000Z",
|
|
"modified": "2014-11-18T21:45:26.000Z",
|
|
"pattern": "[domain-name:value = 'news.msdnblog.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf6-5c80-480d-a5e5-4de5950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:26.000Z",
|
|
"modified": "2014-11-18T21:45:26.000Z",
|
|
"pattern": "[domain-name:value = 'pop.mailaunch.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf6-60a4-4ec3-a5a9-4ea3950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:26.000Z",
|
|
"modified": "2014-11-18T21:45:26.000Z",
|
|
"pattern": "[domain-name:value = 'proxy.otzo.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf6-fff0-4482-8e4e-4aa8950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:26.000Z",
|
|
"modified": "2014-11-18T21:45:26.000Z",
|
|
"pattern": "[domain-name:value = 'remote.googlewebcache.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf6-0988-4b57-9817-409d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:26.000Z",
|
|
"modified": "2014-11-18T21:45:26.000Z",
|
|
"pattern": "[domain-name:value = 'shared.images.googlewebcache.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf6-f7b4-40b1-bf9b-4f19950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:26.000Z",
|
|
"modified": "2014-11-18T21:45:26.000Z",
|
|
"pattern": "[domain-name:value = 'smtp.mailaunch.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf6-691c-414a-8a4a-4544950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:26.000Z",
|
|
"modified": "2014-11-18T21:45:26.000Z",
|
|
"pattern": "[domain-name:value = 'smtp.outlookssl.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf6-cc5c-4130-8069-4b57950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:26.000Z",
|
|
"modified": "2014-11-18T21:45:26.000Z",
|
|
"pattern": "[domain-name:value = 'smtp.windowsautoupdate.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf6-9604-437e-b5a3-4c1a950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:26.000Z",
|
|
"modified": "2014-11-18T21:45:26.000Z",
|
|
"pattern": "[domain-name:value = 'socks5.proxydns.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf6-ad20-4d88-97b8-42ba950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:26.000Z",
|
|
"modified": "2014-11-18T21:45:26.000Z",
|
|
"pattern": "[domain-name:value = 'symantec-sync.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf6-ae10-4d34-b1b6-4f55950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:26.000Z",
|
|
"modified": "2014-11-18T21:45:26.000Z",
|
|
"pattern": "[domain-name:value = 'tem.dyndns.tv']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf6-5de8-407d-89c7-4981950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:26.000Z",
|
|
"modified": "2014-11-18T21:45:26.000Z",
|
|
"pattern": "[domain-name:value = 'test.googlecaches.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf7-b6ec-4578-a13f-422d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:27.000Z",
|
|
"modified": "2014-11-18T21:45:27.000Z",
|
|
"pattern": "[domain-name:value = 'update.windowsautoupdate.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf7-906c-47dd-9451-4022950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:27.000Z",
|
|
"modified": "2014-11-18T21:45:27.000Z",
|
|
"pattern": "[domain-name:value = 'upload.msdnblog.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf7-73c4-489e-9934-4af3950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:27.000Z",
|
|
"modified": "2014-11-18T21:45:27.000Z",
|
|
"pattern": "[domain-name:value = 'vpn.foundationssl.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf7-e34c-4b8a-9f8b-46c7950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:27.000Z",
|
|
"modified": "2014-11-18T21:45:27.000Z",
|
|
"pattern": "[domain-name:value = 'vpn.ssl443.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf7-0b60-4dc1-9ad9-4f32950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:27.000Z",
|
|
"modified": "2014-11-18T21:45:27.000Z",
|
|
"pattern": "[domain-name:value = 'web.windowsautoupdate.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf7-dc60-4584-ae1e-4e4e950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:27.000Z",
|
|
"modified": "2014-11-18T21:45:27.000Z",
|
|
"pattern": "[domain-name:value = 'www.educationel.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf7-e2f8-452a-920e-4de6950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:27.000Z",
|
|
"modified": "2014-11-18T21:45:27.000Z",
|
|
"pattern": "[domain-name:value = 'www.foundationssl.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf7-8a14-4832-bf9d-4568950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:27.000Z",
|
|
"modified": "2014-11-18T21:45:27.000Z",
|
|
"pattern": "[domain-name:value = 'www.hudsononlinenews.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf7-4424-4ef2-8734-45ba950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:27.000Z",
|
|
"modified": "2014-11-18T21:45:27.000Z",
|
|
"pattern": "[domain-name:value = 'www.mailaunch.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf7-fd88-4ffc-b261-484f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:27.000Z",
|
|
"modified": "2014-11-18T21:45:27.000Z",
|
|
"pattern": "[domain-name:value = 'www.msdnblog.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf7-a440-4b39-89ae-4136950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:27.000Z",
|
|
"modified": "2014-11-18T21:45:27.000Z",
|
|
"pattern": "[domain-name:value = 'www.qoog1e.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf7-0cac-41d4-80b7-4dc7950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:27.000Z",
|
|
"modified": "2014-11-18T21:45:27.000Z",
|
|
"pattern": "[domain-name:value = 'www.webmailgoogle.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf7-bddc-4690-b3cd-435f950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:27.000Z",
|
|
"modified": "2014-11-18T21:45:27.000Z",
|
|
"pattern": "[domain-name:value = 'www.windowsautoupdate.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf7-8f14-46eb-8eb9-4ca2950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:27.000Z",
|
|
"modified": "2014-11-18T21:45:27.000Z",
|
|
"pattern": "[domain-name:value = 'yahoo.mailaunch.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbdf7-e5e4-4414-a817-45ad950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:45:27.000Z",
|
|
"modified": "2014-11-18T21:45:27.000Z",
|
|
"pattern": "[domain-name:value = 'zhfdc.dyndns.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:45:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbe8c-2b00-4cd0-b6b0-467c950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:47:56.000Z",
|
|
"modified": "2014-11-18T21:47:56.000Z",
|
|
"pattern": "[alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:\"ScanBox Framework Plugin used in WateringHole Attacks\"; flow:from_server,established; file_data; content:\"=scanbox.info.\"; reference:url,pwc.blogs.com/cyber_security_updates/2014/10/scanbox-framework-whos-affected-and-whos-using-it-1.html; classtype:trojan-activity; rev:1;)]",
|
|
"pattern_type": "snort",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:47:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"snort\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbe8c-af58-4742-808c-435c950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:47:56.000Z",
|
|
"modified": "2014-11-18T21:47:56.000Z",
|
|
"pattern": "[alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:\"ScanBox Framework Java Detection used in WateringHole Attacks\"; flow:from_server,established; file_data; content:\"\\\"No Java or Disable\"; reference:url,pwc.blogs.com/cyber_security_updates/2014/10/scanbox-framework-whos-affected-and-whos-using-it-1.html; classtype:trojan-activity; rev:1;)]",
|
|
"pattern_type": "snort",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:47:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"snort\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbe8d-4bf4-4563-84f4-42a2950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:47:57.000Z",
|
|
"modified": "2014-11-18T21:47:57.000Z",
|
|
"pattern": "[alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:\"ScanBox Framework AV Detection used in WateringHole Attacks\"; flow:from_server,established; file_data; content:\"avg2012check()\"; reference:url,pwc.blogs.com/cyber_security_updates/2014/10/scanbox-framework-whos-affected-and-whos-using-it-1.html; classtype:trojan-activity; rev:1;)]",
|
|
"pattern_type": "snort",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:47:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"snort\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbe8d-fbb8-4283-a2b7-4755950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:47:57.000Z",
|
|
"modified": "2014-11-18T21:47:57.000Z",
|
|
"pattern": "[alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:\"ScanBox Framework and legitimate websites Flash Detection\"; flow:from_server,established; file_data; content:\"var flash=function(){}\\;flash.prototype.controlVersion=function\"; reference:url,pwc.blogs.com/cyber_security_updates/2014/10/scanbox-framework-whos-affected-and-whos-using-it-1.html; classtype:trojan-activity; rev:1;)]",
|
|
"pattern_type": "snort",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:47:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"snort\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbe8d-a95c-47dc-a98c-4d6d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:47:57.000Z",
|
|
"modified": "2014-11-18T21:47:57.000Z",
|
|
"pattern": "[alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:\"ScanBox Framework Local IP Detection\"; flow:from_server,established; file_data; content:\"if (evt.candidate) grepSDP(evt.candidate.candidate)\"; reference:url,pwc.blogs.com/cyber_security_updates/2014/10/scanbox-framework-whos-affected-and-whos-using-it-1.html; classtype:trojan-activity; rev:1;)]",
|
|
"pattern_type": "snort",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:47:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"snort\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbe8d-4934-48e1-9f52-4b0d950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:47:57.000Z",
|
|
"modified": "2014-11-18T21:47:57.000Z",
|
|
"pattern": "[alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:\"ScanBox Framework Javscript Keylogging\"; flow:from_server,established; file_data; content:\"CapsLock=currKey>=65&&currKey<=90\"; reference:url,pwc.blogs.com/cyber_security_updates/2014/10/scanbox-framework-whos-affected-and-whos-using-it-1.html; classtype:trojan-activity; rev:1;)]",
|
|
"pattern_type": "snort",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:47:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"snort\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--546bbe8d-461c-4be5-9121-45ff950d210b",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2014-11-18T21:47:57.000Z",
|
|
"modified": "2014-11-18T21:47:57.000Z",
|
|
"pattern": "[alert tcp $EXTERNAL_NET any -> $HOME_NET any (msg:\"ScanBox Framework Navigator Plugin Detection\"; flow:from_server,established; file_data; content:\"navigator.plugins[x].filename.replace(/,/g,\"; reference:url,pwc.blogs.com/cyber_security_updates/2014/10/scanbox-framework-whos-affected-and-whos-using-it-1.html; classtype:trojan-activity; rev:1;)]",
|
|
"pattern_type": "snort",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2014-11-18T21:47:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"snort\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c645e3-80e8-4b89-bbbf-599e950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-18T22:29:55.000Z",
|
|
"modified": "2016-02-18T22:29:55.000Z",
|
|
"description": "Automatically added (via ef498ea09bf51b002fc7eb3dfd0d19d3)",
|
|
"pattern": "[file:hashes.SHA1 = 'e8a8ffe39040fe36e95217b4e4f1316177d675ed']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-18T22:29:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c645e5-ed90-41b7-98dc-59a0950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-18T22:29:57.000Z",
|
|
"modified": "2016-02-18T22:29:57.000Z",
|
|
"description": "Automatically added (via 9cf5523da799277a4d40881199eb8325)",
|
|
"pattern": "[file:hashes.SHA1 = '809959f390d5a49c8999ad6fff27fdc92ff1b2b0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-18T22:29:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c645e7-596c-4636-bce9-59a3950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-18T22:29:59.000Z",
|
|
"modified": "2016-02-18T22:29:59.000Z",
|
|
"description": "Automatically added (via be3a3daa7d0d11df2380d3401696624a)",
|
|
"pattern": "[file:hashes.SHA1 = 'f1890cc9d6dc84021426834063394539414f68d8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-18T22:29:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c645e4-8bec-477d-805a-44b8950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-18T22:29:56.000Z",
|
|
"modified": "2016-02-18T22:29:56.000Z",
|
|
"description": "Automatically added (via ef498ea09bf51b002fc7eb3dfd0d19d3)",
|
|
"pattern": "[file:hashes.SHA256 = 'ab58b6aa7dcc25d8f6e4b70a24e0ccede0d5f6129df02a9e61293c1d7d7640a2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-18T22:29:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c645e6-a24c-4f4c-912a-599f950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-18T22:29:58.000Z",
|
|
"modified": "2016-02-18T22:29:58.000Z",
|
|
"description": "Automatically added (via 9cf5523da799277a4d40881199eb8325)",
|
|
"pattern": "[file:hashes.SHA256 = '4639c30b3666cb11b3927d5579790a88bff68e8137f18241f4693e0d4539c608']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-18T22:29:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--56c645e8-20e0-4063-8968-4832950d210f",
|
|
"created_by_ref": "identity--55f6ea5f-fd34-43b8-ac1d-40cb950d210f",
|
|
"created": "2016-02-18T22:30:00.000Z",
|
|
"modified": "2016-02-18T22:30:00.000Z",
|
|
"description": "Automatically added (via be3a3daa7d0d11df2380d3401696624a)",
|
|
"pattern": "[file:hashes.SHA256 = '3112420afeb829a575ba46512314c0fab2fc80870c153de35cde4d3140a2dd26']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-02-18T22:30:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "External analysis"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"External analysis\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--34098fce-860f-48ae-8e50-ebd3cc5e41da",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:GREEN",
|
|
"definition": {
|
|
"tlp": "green"
|
|
}
|
|
}
|
|
]
|
|
} |