723 lines
No EOL
29 KiB
JSON
723 lines
No EOL
29 KiB
JSON
{
|
|
"type": "bundle",
|
|
"id": "bundle--57b320b4-4e08-44aa-89b9-428a950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-08-16T14:32:28.000Z",
|
|
"modified": "2016-08-16T14:32:28.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--57b320b4-4e08-44aa-89b9-428a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-08-16T14:32:28.000Z",
|
|
"modified": "2016-08-16T14:32:28.000Z",
|
|
"name": "Malspam 2016-08-16 (.wsf in .zip) - campaign: 'Blank 2'",
|
|
"published": "2016-08-17T07:33:26Z",
|
|
"object_refs": [
|
|
"indicator--57b320eb-a110-404f-87c2-49b7950d210f",
|
|
"indicator--57b320eb-a83c-4af8-8afe-4b99950d210f",
|
|
"indicator--57b320ec-1ef8-4bf6-8951-47e9950d210f",
|
|
"indicator--57b320ed-e7f4-488e-aba6-4546950d210f",
|
|
"indicator--57b320ed-9208-4808-a284-439f950d210f",
|
|
"indicator--57b320ee-8a14-4a2e-a912-42ad950d210f",
|
|
"indicator--57b320ee-c080-4dc9-ab8d-4f1c950d210f",
|
|
"indicator--57b320ee-74d4-4cd4-9769-4afd950d210f",
|
|
"indicator--57b320ef-4a38-4a70-912d-4037950d210f",
|
|
"indicator--57b320ef-94dc-4c75-92ae-420e950d210f",
|
|
"indicator--57b320f0-0650-4552-945f-4bbe950d210f",
|
|
"indicator--57b320f0-9fc0-47fc-90eb-4c48950d210f",
|
|
"indicator--57b320f1-99bc-49c0-a775-4875950d210f",
|
|
"indicator--57b320f1-1a64-42de-a759-47b3950d210f",
|
|
"indicator--57b32311-4068-4190-8f07-468c950d210f",
|
|
"indicator--57b32312-7224-44b5-a7a9-49a8950d210f",
|
|
"indicator--57b32312-aad8-4237-b937-4107950d210f",
|
|
"indicator--57b32312-2620-43cf-9c27-47a1950d210f",
|
|
"indicator--57b32313-ebb8-4d84-9f83-4189950d210f",
|
|
"indicator--57b32313-1b4c-4d93-868d-4c65950d210f",
|
|
"indicator--57b32313-15bc-4a0f-9871-4cff950d210f",
|
|
"indicator--57b32314-fc90-41f5-ba01-4017950d210f",
|
|
"indicator--57b32314-a5bc-4458-bfd8-423c950d210f",
|
|
"indicator--57b32314-8c18-42b5-803b-4cb9950d210f",
|
|
"indicator--57b32314-c348-409d-b5b1-4689950d210f",
|
|
"indicator--57b32315-ae0c-4549-a954-4ec2950d210f",
|
|
"observed-data--57b3233c-85c4-4f4e-afe4-44e5950d210f",
|
|
"email-message--57b3233c-85c4-4f4e-afe4-44e5950d210f"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"circl:incident-classification=\"malware\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57b320eb-a110-404f-87c2-49b7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-08-16T14:19:23.000Z",
|
|
"modified": "2016-08-16T14:19:23.000Z",
|
|
"description": "download location",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '192.151.153.26']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-08-16T14:19:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57b320eb-a83c-4af8-8afe-4b99950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-08-16T14:19:23.000Z",
|
|
"modified": "2016-08-16T14:19:23.000Z",
|
|
"description": "download location",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '213.205.40.169']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-08-16T14:19:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57b320ec-1ef8-4bf6-8951-47e9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-08-16T14:19:24.000Z",
|
|
"modified": "2016-08-16T14:19:24.000Z",
|
|
"description": "download location",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '77.244.243.38']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-08-16T14:19:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57b320ed-e7f4-488e-aba6-4546950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-08-16T14:19:25.000Z",
|
|
"modified": "2016-08-16T14:19:25.000Z",
|
|
"description": "download location",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '95.211.144.65']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-08-16T14:19:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57b320ed-9208-4808-a284-439f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-08-16T14:19:25.000Z",
|
|
"modified": "2016-08-16T14:19:25.000Z",
|
|
"description": "download location",
|
|
"pattern": "[url:value = 'http://sp2.cba.pl/nJHbj0266b?hIeYfAIU=RlvjEYkyO']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-08-16T14:19:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57b320ee-8a14-4a2e-a912-42ad950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-08-16T14:19:26.000Z",
|
|
"modified": "2016-08-16T14:19:26.000Z",
|
|
"description": "download location",
|
|
"pattern": "[url:value = 'http://www.ferienhaus-mesa.at/nJHbj0266b?bVNhynB=AiGSHMqkUH']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-08-16T14:19:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57b320ee-c080-4dc9-ab8d-4f1c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-08-16T14:19:26.000Z",
|
|
"modified": "2016-08-16T14:19:26.000Z",
|
|
"description": "download location",
|
|
"pattern": "[url:value = 'http://www.gcs-crostolo.it/nJHbj0266b?mfnIPUUMI=lYOSxK']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-08-16T14:19:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57b320ee-74d4-4cd4-9769-4afd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-08-16T14:19:26.000Z",
|
|
"modified": "2016-08-16T14:19:26.000Z",
|
|
"description": "download location",
|
|
"pattern": "[url:value = 'http://www.lefaos.50webs.com/nJHbj0266b?EYywKnoMCqD=YlCTTo']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-08-16T14:19:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57b320ef-4a38-4a70-912d-4037950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-08-16T14:19:27.000Z",
|
|
"modified": "2016-08-16T14:19:27.000Z",
|
|
"description": "download location",
|
|
"pattern": "[url:value = 'http://www.mediatoponline.it/nJHbj0266b?hzFFUHptoGJ=fWxaDgf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-08-16T14:19:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57b320ef-94dc-4c75-92ae-420e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-08-16T14:19:27.000Z",
|
|
"modified": "2016-08-16T14:19:27.000Z",
|
|
"description": "download location",
|
|
"pattern": "[domain-name:value = 'sp2.cba.pl']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-08-16T14:19:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57b320f0-0650-4552-945f-4bbe950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-08-16T14:19:28.000Z",
|
|
"modified": "2016-08-16T14:19:28.000Z",
|
|
"description": "download location",
|
|
"pattern": "[domain-name:value = 'www.ferienhaus-mesa.at']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-08-16T14:19:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57b320f0-9fc0-47fc-90eb-4c48950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-08-16T14:19:28.000Z",
|
|
"modified": "2016-08-16T14:19:28.000Z",
|
|
"description": "download location",
|
|
"pattern": "[domain-name:value = 'www.gcs-crostolo.it']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-08-16T14:19:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57b320f1-99bc-49c0-a775-4875950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-08-16T14:19:29.000Z",
|
|
"modified": "2016-08-16T14:19:29.000Z",
|
|
"description": "download location",
|
|
"pattern": "[domain-name:value = 'www.lefaos.50webs.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-08-16T14:19:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57b320f1-1a64-42de-a759-47b3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-08-16T14:19:29.000Z",
|
|
"modified": "2016-08-16T14:19:29.000Z",
|
|
"description": "download location",
|
|
"pattern": "[domain-name:value = 'www.mediatoponline.it']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-08-16T14:19:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57b32311-4068-4190-8f07-468c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-08-16T14:28:33.000Z",
|
|
"modified": "2016-08-16T14:28:33.000Z",
|
|
"description": "download location",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '112.140.42.29']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-08-16T14:28:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57b32312-7224-44b5-a7a9-49a8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-08-16T14:28:34.000Z",
|
|
"modified": "2016-08-16T14:28:34.000Z",
|
|
"description": "download location",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.72.183.216']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-08-16T14:28:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57b32312-aad8-4237-b937-4107950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-08-16T14:28:34.000Z",
|
|
"modified": "2016-08-16T14:28:34.000Z",
|
|
"description": "download location",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '92.38.227.7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-08-16T14:28:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57b32312-2620-43cf-9c27-47a1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-08-16T14:28:34.000Z",
|
|
"modified": "2016-08-16T14:28:34.000Z",
|
|
"description": "download location",
|
|
"pattern": "[domain-name:value = 'hoshiomi.yu-nagi.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-08-16T14:28:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57b32313-ebb8-4d84-9f83-4189950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-08-16T14:28:35.000Z",
|
|
"modified": "2016-08-16T14:28:35.000Z",
|
|
"description": "download location",
|
|
"pattern": "[url:value = 'http://hoshiomi.yu-nagi.com/nJHbj0266b?hIeYfAIU=RlvjEYkyO']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-08-16T14:28:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57b32313-1b4c-4d93-868d-4c65950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-08-16T14:28:35.000Z",
|
|
"modified": "2016-08-16T14:28:35.000Z",
|
|
"description": "download location",
|
|
"pattern": "[url:value = 'http://hoshiomi.yu-nagi.com/nJHbj0266b?hzFFUHptoGJ=fWxaDgf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-08-16T14:28:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57b32313-15bc-4a0f-9871-4cff950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-08-16T14:28:35.000Z",
|
|
"modified": "2016-08-16T14:28:35.000Z",
|
|
"description": "download location",
|
|
"pattern": "[url:value = 'http://muznavolge.ru/nJHbj0266b?mfnIPUUMI=lYOSxK']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-08-16T14:28:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57b32314-fc90-41f5-ba01-4017950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-08-16T14:28:36.000Z",
|
|
"modified": "2016-08-16T14:28:36.000Z",
|
|
"description": "download location",
|
|
"pattern": "[url:value = 'http://www.gianlucaboezio.it./nJHbj0266b?bVNhynB=AiGSHMqkUH']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-08-16T14:28:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57b32314-a5bc-4458-bfd8-423c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-08-16T14:28:36.000Z",
|
|
"modified": "2016-08-16T14:28:36.000Z",
|
|
"description": "download location",
|
|
"pattern": "[url:value = 'http://www.greatidea.de/nJHbj0266b?hzFFUHptoGJ=fWxaDgf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-08-16T14:28:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57b32314-8c18-42b5-803b-4cb9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-08-16T14:28:36.000Z",
|
|
"modified": "2016-08-16T14:28:36.000Z",
|
|
"description": "download location",
|
|
"pattern": "[domain-name:value = 'muznavolge.ru']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-08-16T14:28:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"domain\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57b32314-c348-409d-b5b1-4689950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-08-16T14:28:36.000Z",
|
|
"modified": "2016-08-16T14:28:36.000Z",
|
|
"description": "download location",
|
|
"pattern": "[domain-name:value = 'www.gianlucaboezio.it']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-08-16T14:28:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--57b32315-ae0c-4549-a954-4ec2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-08-16T14:28:37.000Z",
|
|
"modified": "2016-08-16T14:28:37.000Z",
|
|
"description": "download location",
|
|
"pattern": "[domain-name:value = 'www.greatidea.de']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2016-08-16T14:28:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--57b3233c-85c4-4f4e-afe4-44e5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2016-08-16T14:29:16.000Z",
|
|
"modified": "2016-08-16T14:29:16.000Z",
|
|
"first_observed": "2016-08-16T14:29:16Z",
|
|
"last_observed": "2016-08-16T14:29:16Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"email-message--57b3233c-85c4-4f4e-afe4-44e5950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"email-subject\"",
|
|
"misp:category=\"Payload delivery\""
|
|
]
|
|
},
|
|
{
|
|
"type": "email-message",
|
|
"spec_version": "2.1",
|
|
"id": "email-message--57b3233c-85c4-4f4e-afe4-44e5950d210f",
|
|
"is_multipart": false,
|
|
"subject": "Blank 2"
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |