{
|
|
"type": "bundle",
|
|
"id": "bundle--5922e0ac-0314-43d5-b36e-4ac4950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-26T12:57:16.000Z",
|
|
"modified": "2017-05-26T12:57:16.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--5922e0ac-0314-43d5-b36e-4ac4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-26T12:57:16.000Z",
|
|
"modified": "2017-05-26T12:57:16.000Z",
|
|
"name": "Jaff 2017-05-22 : \"Copy of Invoice 12345678\" / \"12345678.PDF\"",
|
|
"published": "2017-05-26T12:58:10Z",
|
|
"object_refs": [
|
|
"indicator--5922e0ae-4318-4551-b2d6-41a4950d210f",
|
|
"indicator--5922e0af-39b4-453a-ac80-443d950d210f",
|
|
"indicator--5922e0b0-4e74-4a75-8791-4974950d210f",
|
|
"indicator--5922e0b1-71e4-435c-8b0a-4ccd950d210f",
|
|
"observed-data--5922e0b2-e6e0-4dce-80f3-41a5950d210f",
|
|
"network-traffic--5922e0b2-e6e0-4dce-80f3-41a5950d210f",
|
|
"ipv4-addr--5922e0b2-e6e0-4dce-80f3-41a5950d210f",
|
|
"indicator--5922e0b3-b220-4bf2-b3fd-4e34950d210f",
|
|
"indicator--5922e0b4-c4c4-4d4b-b2cb-4089950d210f",
|
|
"indicator--5922e0b8-99e8-471c-8eda-4cad950d210f",
|
|
"indicator--5922e0b9-00e0-4809-8eb2-441d950d210f",
|
|
"indicator--5922e0ba-f65c-47ef-b2c4-40e6950d210f",
|
|
"indicator--5922e0bc-7154-4184-b729-41c6950d210f",
|
|
"indicator--5922e0bd-25c0-4b14-990f-4a19950d210f",
|
|
"indicator--5922e0be-3a54-4abf-b6b7-454f950d210f",
|
|
"indicator--5922e0bf-4d0c-4dcb-96a1-440d950d210f",
|
|
"indicator--5922e0bf-fbc0-4be0-be3d-4f0c950d210f",
|
|
"indicator--5922e0c0-2858-4664-9d17-4526950d210f",
|
|
"indicator--5922e0c1-ad44-4b18-9454-45b6950d210f",
|
|
"indicator--5922e0c2-7888-42c7-bd43-4dfc950d210f",
|
|
"indicator--5922e0c3-18e4-4977-96ac-449c950d210f",
|
|
"indicator--5922e0c4-d64c-48b1-8a6f-426a950d210f",
|
|
"indicator--5922e0c4-2420-4b23-9737-4484950d210f",
|
|
"indicator--5922e0c5-c370-4aa8-9329-4259950d210f",
|
|
"observed-data--5922e0c6-68ac-43b0-8647-4c3a950d210f",
|
|
"network-traffic--5922e0c6-68ac-43b0-8647-4c3a950d210f",
|
|
"ipv4-addr--5922e0c6-68ac-43b0-8647-4c3a950d210f",
|
|
"indicator--5922e0c7-4e44-41c2-8bd7-4ee2950d210f",
|
|
"indicator--5922e0c8-2178-4807-9c05-41e2950d210f",
|
|
"indicator--5922e0ca-99fc-4e1a-aaeb-42b5950d210f",
|
|
"indicator--5922e0cb-04f0-47be-bfad-4a08950d210f",
|
|
"observed-data--5922e0cc-982c-4115-827e-4cb1950d210f",
|
|
"network-traffic--5922e0cc-982c-4115-827e-4cb1950d210f",
|
|
"ipv4-addr--5922e0cc-982c-4115-827e-4cb1950d210f",
|
|
"indicator--5922e0cd-070c-407f-9c19-4515950d210f",
|
|
"indicator--5922e0ce-dd08-4b84-9490-4294950d210f",
|
|
"indicator--5922e0cf-9a10-4fea-b7eb-4c14950d210f",
|
|
"indicator--5922e0d0-5ab4-45b0-af59-44de950d210f",
|
|
"indicator--5922e0d1-0dac-40b7-987e-49e0950d210f",
|
|
"observed-data--5922e0d2-ada4-4ad7-866a-4c93950d210f",
|
|
"network-traffic--5922e0d2-ada4-4ad7-866a-4c93950d210f",
|
|
"ipv4-addr--5922e0d2-ada4-4ad7-866a-4c93950d210f",
|
|
"indicator--5922e0d3-f680-4470-8c63-4ed6950d210f",
|
|
"indicator--5922e0d4-2f54-4e39-8d19-41e2950d210f",
|
|
"observed-data--5922e0d5-7850-4581-8305-47b1950d210f",
|
|
"network-traffic--5922e0d5-7850-4581-8305-47b1950d210f",
|
|
"ipv4-addr--5922e0d5-7850-4581-8305-47b1950d210f",
|
|
"indicator--5922e0d6-7458-4fa1-96c9-4670950d210f",
|
|
"indicator--5922e0d6-839c-47a8-861d-40b6950d210f",
|
|
"observed-data--5922e0d7-e834-48e1-8f17-4699950d210f",
|
|
"network-traffic--5922e0d7-e834-48e1-8f17-4699950d210f",
|
|
"ipv4-addr--5922e0d7-e834-48e1-8f17-4699950d210f",
|
|
"indicator--5922e0d8-d3e4-487d-925d-4a13950d210f",
|
|
"indicator--5922e0da-b918-4179-98ed-40a2950d210f",
|
|
"observed-data--5922e0dc-4670-46c0-bfc8-4655950d210f",
|
|
"network-traffic--5922e0dc-4670-46c0-bfc8-4655950d210f",
|
|
"ipv4-addr--5922e0dc-4670-46c0-bfc8-4655950d210f",
|
|
"indicator--5922e0dd-8594-4220-b67a-4fdf950d210f",
|
|
"indicator--5922e0de-cef0-4338-bba7-4aca950d210f",
|
|
"indicator--5922e0e0-8bb0-495a-a9e7-47c4950d210f",
|
|
"indicator--5922ec55-a8cc-4ac0-976e-4cc102de0b81",
|
|
"indicator--5922ec55-7140-43b7-aaa9-448502de0b81",
|
|
"observed-data--5922ec56-e6f4-4cfd-b1bd-42af02de0b81",
|
|
"url--5922ec56-e6f4-4cfd-b1bd-42af02de0b81",
|
|
"indicator--5922ec56-a928-47e2-bb25-4f1902de0b81",
|
|
"indicator--5922ec57-5ebc-43ec-9c92-460c02de0b81",
|
|
"observed-data--5922ec57-091c-4adb-ae21-420702de0b81",
|
|
"url--5922ec57-091c-4adb-ae21-420702de0b81",
|
|
"indicator--5922f376-3e10-4493-896c-449c950d210f",
|
|
"indicator--5922f377-7ec4-4b74-a8a6-4284950d210f",
|
|
"indicator--5922f377-9874-4243-b285-47ee950d210f",
|
|
"indicator--5922f378-a584-4fb7-9810-458b950d210f",
|
|
"indicator--5922f378-e0c0-48c1-897a-471f950d210f",
|
|
"observed-data--5922f379-74b0-4dc4-8a6e-493e950d210f",
|
|
"network-traffic--5922f379-74b0-4dc4-8a6e-493e950d210f",
|
|
"ipv4-addr--5922f379-74b0-4dc4-8a6e-493e950d210f",
|
|
"observed-data--5922f379-5778-475a-b239-482c950d210f",
|
|
"network-traffic--5922f379-5778-475a-b239-482c950d210f",
|
|
"ipv4-addr--5922f379-5778-475a-b239-482c950d210f",
|
|
"observed-data--5922f379-55cc-4bed-8b29-4670950d210f",
|
|
"network-traffic--5922f379-55cc-4bed-8b29-4670950d210f",
|
|
"ipv4-addr--5922f379-55cc-4bed-8b29-4670950d210f",
|
|
"indicator--5922f37a-2fb0-41ec-b08a-4bf0950d210f",
|
|
"indicator--5922f37a-8780-4a14-aaaa-4682950d210f",
|
|
"indicator--5922f37b-b8c4-4745-ab98-45c3950d210f",
|
|
"indicator--5922f37b-70d8-43b5-9105-4dfe950d210f",
|
|
"indicator--5922f37c-2874-47c0-b989-4e87950d210f",
|
|
"indicator--5923f4b3-5c94-495f-a664-4103950d210f",
|
|
"indicator--5923f4b3-6d2c-4f74-a048-43e7950d210f",
|
|
"observed-data--5923f4b4-00ec-48d3-bc5f-4524950d210f",
|
|
"network-traffic--5923f4b4-00ec-48d3-bc5f-4524950d210f",
|
|
"ipv4-addr--5923f4b4-00ec-48d3-bc5f-4524950d210f",
|
|
"observed-data--5923f4b4-99ac-4089-8b24-4a69950d210f",
|
|
"network-traffic--5923f4b4-99ac-4089-8b24-4a69950d210f",
|
|
"ipv4-addr--5923f4b4-99ac-4089-8b24-4a69950d210f",
|
|
"observed-data--5923f4b5-fa90-4f25-ad9f-4b5c950d210f",
|
|
"network-traffic--5923f4b5-fa90-4f25-ad9f-4b5c950d210f",
|
|
"ipv4-addr--5923f4b5-fa90-4f25-ad9f-4b5c950d210f",
|
|
"indicator--5923f4b5-b050-45e7-8551-45cf950d210f",
|
|
"indicator--5923f4b6-1894-4f78-a383-4fb8950d210f"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\"",
|
|
"ecsirt:malicious-code=\"ransomware\"",
|
|
"misp-galaxy:ransomware=\"Jaff\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922e0ae-4318-4551-b2d6-41a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T13:48:45.000Z",
|
|
"modified": "2017-05-22T13:48:45.000Z",
|
|
"pattern": "[file:hashes.MD5 = '192b829bf7f6829549519168c173c931']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T13:48:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922e0af-39b4-453a-ac80-443d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T13:48:45.000Z",
|
|
"modified": "2017-05-22T13:48:45.000Z",
|
|
"pattern": "[file:hashes.MD5 = '132d56f533f3a074b441cebff98e7742']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T13:48:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922e0b0-4e74-4a75-8791-4974950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T13:48:45.000Z",
|
|
"modified": "2017-05-22T13:48:45.000Z",
|
|
"pattern": "[url:value = 'http://boomroom.jp/jhg6fgh']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T13:48:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922e0b1-71e4-435c-8b0a-4ccd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T13:48:45.000Z",
|
|
"modified": "2017-05-22T13:48:45.000Z",
|
|
"pattern": "[domain-name:value = 'boomroom.jp']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T13:48:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5922e0b2-e6e0-4dce-80f3-41a5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-26T12:57:12.000Z",
|
|
"modified": "2017-05-26T12:57:12.000Z",
|
|
"first_observed": "2017-05-26T12:57:12Z",
|
|
"last_observed": "2017-05-26T12:57:12Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5922e0b2-e6e0-4dce-80f3-41a5950d210f",
|
|
"ipv4-addr--5922e0b2-e6e0-4dce-80f3-41a5950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5922e0b2-e6e0-4dce-80f3-41a5950d210f",
|
|
"dst_ref": "ipv4-addr--5922e0b2-e6e0-4dce-80f3-41a5950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5922e0b2-e6e0-4dce-80f3-41a5950d210f",
|
|
"value": "219.118.71.139"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922e0b3-b220-4bf2-b3fd-4e34950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T13:48:45.000Z",
|
|
"modified": "2017-05-22T13:48:45.000Z",
|
|
"pattern": "[url:value = 'http://brotexxshferrogd.net/af/jhg6fgh']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T13:48:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922e0b4-c4c4-4d4b-b2cb-4089950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T13:48:45.000Z",
|
|
"modified": "2017-05-22T13:48:45.000Z",
|
|
"pattern": "[domain-name:value = 'brotexxshferrogd.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T13:48:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922e0b8-99e8-471c-8eda-4cad950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T13:48:45.000Z",
|
|
"modified": "2017-05-22T13:48:45.000Z",
|
|
"description": "brotexxshferrogd.net",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '54.165.236.47']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T13:48:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922e0b9-00e0-4809-8eb2-441d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T13:48:45.000Z",
|
|
"modified": "2017-05-22T13:48:45.000Z",
|
|
"pattern": "[url:value = 'http://byuscorp.com/jhg6fgh']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T13:48:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922e0ba-f65c-47ef-b2c4-40e6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T13:48:45.000Z",
|
|
"modified": "2017-05-22T13:48:45.000Z",
|
|
"pattern": "[domain-name:value = 'byuscorp.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T13:48:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922e0bc-7154-4184-b729-41c6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T13:48:45.000Z",
|
|
"modified": "2017-05-22T13:48:45.000Z",
|
|
"description": "byuscorp.com",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '115.68.13.78']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T13:48:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922e0bd-25c0-4b14-990f-4a19950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T13:48:45.000Z",
|
|
"modified": "2017-05-22T13:48:45.000Z",
|
|
"pattern": "[url:value = 'http://datadunyasi.com/jhg6fgh']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T13:48:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922e0be-3a54-4abf-b6b7-454f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T13:48:45.000Z",
|
|
"modified": "2017-05-22T13:48:45.000Z",
|
|
"pattern": "[domain-name:value = 'datadunyasi.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T13:48:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922e0bf-4d0c-4dcb-96a1-440d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T13:48:45.000Z",
|
|
"modified": "2017-05-22T13:48:45.000Z",
|
|
"description": "datadunyasi.com",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '185.84.180.60']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T13:48:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922e0bf-fbc0-4be0-be3d-4f0c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T13:48:45.000Z",
|
|
"modified": "2017-05-22T13:48:45.000Z",
|
|
"pattern": "[url:value = 'http://endosuitepartners.com/jhg6fgh']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T13:48:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922e0c0-2858-4664-9d17-4526950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T13:48:45.000Z",
|
|
"modified": "2017-05-22T13:48:45.000Z",
|
|
"pattern": "[domain-name:value = 'endosuitepartners.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T13:48:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922e0c1-ad44-4b18-9454-45b6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T13:48:45.000Z",
|
|
"modified": "2017-05-22T13:48:45.000Z",
|
|
"description": "endosuitepartners.com",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '72.52.154.4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T13:48:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922e0c2-7888-42c7-bd43-4dfc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T13:48:45.000Z",
|
|
"modified": "2017-05-22T13:48:45.000Z",
|
|
"pattern": "[url:value = 'http://essensworld.cz/jhg6fgh']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T13:48:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922e0c3-18e4-4977-96ac-449c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T13:48:45.000Z",
|
|
"modified": "2017-05-22T13:48:45.000Z",
|
|
"pattern": "[domain-name:value = 'essensworld.cz']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T13:48:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922e0c4-d64c-48b1-8a6f-426a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T13:48:45.000Z",
|
|
"modified": "2017-05-22T13:48:45.000Z",
|
|
"description": "essensworld.cz",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '212.4.153.204']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T13:48:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922e0c4-2420-4b23-9737-4484950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T13:48:45.000Z",
|
|
"modified": "2017-05-22T13:48:45.000Z",
|
|
"pattern": "[url:value = 'http://f1toh1.com/jhg6fgh']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T13:48:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922e0c5-c370-4aa8-9329-4259950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T13:48:45.000Z",
|
|
"modified": "2017-05-22T13:48:45.000Z",
|
|
"pattern": "[domain-name:value = 'f1toh1.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T13:48:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5922e0c6-68ac-43b0-8647-4c3a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-26T12:57:12.000Z",
|
|
"modified": "2017-05-26T12:57:12.000Z",
|
|
"first_observed": "2017-05-26T12:57:12Z",
|
|
"last_observed": "2017-05-26T12:57:12Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5922e0c6-68ac-43b0-8647-4c3a950d210f",
|
|
"ipv4-addr--5922e0c6-68ac-43b0-8647-4c3a950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5922e0c6-68ac-43b0-8647-4c3a950d210f",
|
|
"dst_ref": "ipv4-addr--5922e0c6-68ac-43b0-8647-4c3a950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5922e0c6-68ac-43b0-8647-4c3a950d210f",
|
|
"value": "107.180.12.39"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922e0c7-4e44-41c2-8bd7-4ee2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T13:48:45.000Z",
|
|
"modified": "2017-05-22T13:48:45.000Z",
|
|
"pattern": "[url:value = 'http://herrossoidffr6644qa.top/af/jhg6fgh']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T13:48:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922e0c8-2178-4807-9c05-41e2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T13:48:45.000Z",
|
|
"modified": "2017-05-22T13:48:45.000Z",
|
|
"pattern": "[domain-name:value = 'herrossoidffr6644qa.top']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T13:48:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922e0ca-99fc-4e1a-aaeb-42b5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T13:48:45.000Z",
|
|
"modified": "2017-05-22T13:48:45.000Z",
|
|
"pattern": "[url:value = 'http://joesrv.com/jhg6fgh']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T13:48:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922e0cb-04f0-47be-bfad-4a08950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T13:48:45.000Z",
|
|
"modified": "2017-05-22T13:48:45.000Z",
|
|
"pattern": "[domain-name:value = 'joesrv.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T13:48:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5922e0cc-982c-4115-827e-4cb1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-26T12:57:13.000Z",
|
|
"modified": "2017-05-26T12:57:13.000Z",
|
|
"first_observed": "2017-05-26T12:57:13Z",
|
|
"last_observed": "2017-05-26T12:57:13Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5922e0cc-982c-4115-827e-4cb1950d210f",
|
|
"ipv4-addr--5922e0cc-982c-4115-827e-4cb1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5922e0cc-982c-4115-827e-4cb1950d210f",
|
|
"dst_ref": "ipv4-addr--5922e0cc-982c-4115-827e-4cb1950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5922e0cc-982c-4115-827e-4cb1950d210f",
|
|
"value": "184.168.221.12"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922e0cd-070c-407f-9c19-4515950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T13:48:45.000Z",
|
|
"modified": "2017-05-22T13:48:45.000Z",
|
|
"pattern": "[url:value = 'http://knowyourmarketing.com/jhg6fgh']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T13:48:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922e0ce-dd08-4b84-9490-4294950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T13:48:45.000Z",
|
|
"modified": "2017-05-22T13:48:45.000Z",
|
|
"pattern": "[domain-name:value = 'knowyourmarketing.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T13:48:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922e0cf-9a10-4fea-b7eb-4c14950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T13:48:45.000Z",
|
|
"modified": "2017-05-22T13:48:45.000Z",
|
|
"description": "knowyourmarketing.com",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '23.235.201.157']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T13:48:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922e0d0-5ab4-45b0-af59-44de950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T13:48:45.000Z",
|
|
"modified": "2017-05-22T13:48:45.000Z",
|
|
"pattern": "[url:value = 'http://pattumalamatha.com/jhg6fgh']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T13:48:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922e0d1-0dac-40b7-987e-49e0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T13:48:45.000Z",
|
|
"modified": "2017-05-22T13:48:45.000Z",
|
|
"pattern": "[domain-name:value = 'pattumalamatha.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T13:48:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5922e0d2-ada4-4ad7-866a-4c93950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-26T12:57:13.000Z",
|
|
"modified": "2017-05-26T12:57:13.000Z",
|
|
"first_observed": "2017-05-26T12:57:13Z",
|
|
"last_observed": "2017-05-26T12:57:13Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5922e0d2-ada4-4ad7-866a-4c93950d210f",
|
|
"ipv4-addr--5922e0d2-ada4-4ad7-866a-4c93950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5922e0d2-ada4-4ad7-866a-4c93950d210f",
|
|
"dst_ref": "ipv4-addr--5922e0d2-ada4-4ad7-866a-4c93950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5922e0d2-ada4-4ad7-866a-4c93950d210f",
|
|
"value": "166.62.30.149"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922e0d3-f680-4470-8c63-4ed6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T13:48:45.000Z",
|
|
"modified": "2017-05-22T13:48:45.000Z",
|
|
"pattern": "[url:value = 'http://primary-ls.ru/jhg6fgh']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T13:48:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922e0d4-2f54-4e39-8d19-41e2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T13:48:45.000Z",
|
|
"modified": "2017-05-22T13:48:45.000Z",
|
|
"pattern": "[domain-name:value = 'primary-ls.ru']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T13:48:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5922e0d5-7850-4581-8305-47b1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-26T12:57:13.000Z",
|
|
"modified": "2017-05-26T12:57:13.000Z",
|
|
"first_observed": "2017-05-26T12:57:13Z",
|
|
"last_observed": "2017-05-26T12:57:13Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5922e0d5-7850-4581-8305-47b1950d210f",
|
|
"ipv4-addr--5922e0d5-7850-4581-8305-47b1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5922e0d5-7850-4581-8305-47b1950d210f",
|
|
"dst_ref": "ipv4-addr--5922e0d5-7850-4581-8305-47b1950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5922e0d5-7850-4581-8305-47b1950d210f",
|
|
"value": "141.8.195.87"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922e0d6-7458-4fa1-96c9-4670950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T13:48:45.000Z",
|
|
"modified": "2017-05-22T13:48:45.000Z",
|
|
"pattern": "[url:value = 'http://tayangfood.com/jhg6fgh']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T13:48:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922e0d6-839c-47a8-861d-40b6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T13:48:45.000Z",
|
|
"modified": "2017-05-22T13:48:45.000Z",
|
|
"pattern": "[domain-name:value = 'tayangfood.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T13:48:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5922e0d7-e834-48e1-8f17-4699950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-26T12:57:14.000Z",
|
|
"modified": "2017-05-26T12:57:14.000Z",
|
|
"first_observed": "2017-05-26T12:57:14Z",
|
|
"last_observed": "2017-05-26T12:57:14Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5922e0d7-e834-48e1-8f17-4699950d210f",
|
|
"ipv4-addr--5922e0d7-e834-48e1-8f17-4699950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5922e0d7-e834-48e1-8f17-4699950d210f",
|
|
"dst_ref": "ipv4-addr--5922e0d7-e834-48e1-8f17-4699950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5922e0d7-e834-48e1-8f17-4699950d210f",
|
|
"value": "103.7.226.18"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922e0d8-d3e4-487d-925d-4a13950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T13:48:45.000Z",
|
|
"modified": "2017-05-22T13:48:45.000Z",
|
|
"pattern": "[url:value = 'http://tipografia.by/jhg6fgh']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T13:48:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922e0da-b918-4179-98ed-40a2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T13:48:45.000Z",
|
|
"modified": "2017-05-22T13:48:45.000Z",
|
|
"pattern": "[domain-name:value = 'tipografia.by']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T13:48:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5922e0dc-4670-46c0-bfc8-4655950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-26T12:57:14.000Z",
|
|
"modified": "2017-05-26T12:57:14.000Z",
|
|
"first_observed": "2017-05-26T12:57:14Z",
|
|
"last_observed": "2017-05-26T12:57:14Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5922e0dc-4670-46c0-bfc8-4655950d210f",
|
|
"ipv4-addr--5922e0dc-4670-46c0-bfc8-4655950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5922e0dc-4670-46c0-bfc8-4655950d210f",
|
|
"dst_ref": "ipv4-addr--5922e0dc-4670-46c0-bfc8-4655950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5922e0dc-4670-46c0-bfc8-4655950d210f",
|
|
"value": "93.125.99.71"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922e0dd-8594-4220-b67a-4fdf950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T13:48:45.000Z",
|
|
"modified": "2017-05-22T13:48:45.000Z",
|
|
"pattern": "[url:value = 'http://trollitrancessions.net/a5/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T13:48:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922e0de-cef0-4338-bba7-4aca950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T13:48:45.000Z",
|
|
"modified": "2017-05-22T13:48:45.000Z",
|
|
"pattern": "[domain-name:value = 'trollitrancessions.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T13:48:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922e0e0-8bb0-495a-a9e7-47c4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T13:48:45.000Z",
|
|
"modified": "2017-05-22T13:48:45.000Z",
|
|
"description": "trollitrancessions.net",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '217.29.63.199']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T13:48:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922ec55-a8cc-4ac0-976e-4cc102de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T13:49:09.000Z",
|
|
"modified": "2017-05-22T13:49:09.000Z",
|
|
"description": "- Cross-checked via VirusTotal: 132d56f533f3a074b441cebff98e7742",
|
|
"pattern": "[file:hashes.SHA256 = '3105bf7916ab2e8bdf32f9a4f798c358b4d18da11bcc16f8f063c4b9c200f8b4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T13:49:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922ec55-7140-43b7-aaa9-448502de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T13:49:09.000Z",
|
|
"modified": "2017-05-22T13:49:09.000Z",
|
|
"description": "- Cross-checked via VirusTotal: 132d56f533f3a074b441cebff98e7742",
|
|
"pattern": "[file:hashes.SHA1 = 'ce62251f9c7b0de95ce324efec94fb703776f4ba']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T13:49:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5922ec56-e6f4-4cfd-b1bd-42af02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T13:49:10.000Z",
|
|
"modified": "2017-05-22T13:49:10.000Z",
|
|
"first_observed": "2017-05-22T13:49:10Z",
|
|
"last_observed": "2017-05-22T13:49:10Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5922ec56-e6f4-4cfd-b1bd-42af02de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5922ec56-e6f4-4cfd-b1bd-42af02de0b81",
|
|
"value": "https://www.virustotal.com/file/3105bf7916ab2e8bdf32f9a4f798c358b4d18da11bcc16f8f063c4b9c200f8b4/analysis/1495459538/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922ec56-a928-47e2-bb25-4f1902de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T13:49:10.000Z",
|
|
"modified": "2017-05-22T13:49:10.000Z",
|
|
"description": "- Cross-checked via VirusTotal: 192b829bf7f6829549519168c173c931",
|
|
"pattern": "[file:hashes.SHA256 = 'e0573ec5a6ed61a6f38ab209e3d0d309b0c15af9dacc253240476c6899b5690b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T13:49:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922ec57-5ebc-43ec-9c92-460c02de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T13:49:11.000Z",
|
|
"modified": "2017-05-22T13:49:11.000Z",
|
|
"description": "- Cross-checked via VirusTotal: 192b829bf7f6829549519168c173c931",
|
|
"pattern": "[file:hashes.SHA1 = '551f953db4ba48452a4f7de9f5f7149c98ddf52f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T13:49:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha1\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5922ec57-091c-4adb-ae21-420702de0b81",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T13:49:11.000Z",
|
|
"modified": "2017-05-22T13:49:11.000Z",
|
|
"first_observed": "2017-05-22T13:49:11Z",
|
|
"last_observed": "2017-05-22T13:49:11Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"url--5922ec57-091c-4adb-ae21-420702de0b81"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"link\"",
|
|
"misp:category=\"External analysis\""
|
|
]
|
|
},
|
|
{
|
|
"type": "url",
|
|
"spec_version": "2.1",
|
|
"id": "url--5922ec57-091c-4adb-ae21-420702de0b81",
|
|
"value": "https://www.virustotal.com/file/e0573ec5a6ed61a6f38ab209e3d0d309b0c15af9dacc253240476c6899b5690b/analysis/1495460018/"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922f376-3e10-4493-896c-449c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T14:20:44.000Z",
|
|
"modified": "2017-05-22T14:20:44.000Z",
|
|
"pattern": "[domain-name:value = 'electua.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T14:20:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922f377-7ec4-4b74-a8a6-4284950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T14:20:44.000Z",
|
|
"modified": "2017-05-22T14:20:44.000Z",
|
|
"pattern": "[domain-name:value = 'everstruct.com.au']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T14:20:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922f377-9874-4243-b285-47ee950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T14:20:44.000Z",
|
|
"modified": "2017-05-22T14:20:44.000Z",
|
|
"pattern": "[domain-name:value = 'thegardiners.ca']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T14:20:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922f378-a584-4fb7-9810-458b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T14:20:44.000Z",
|
|
"modified": "2017-05-22T14:20:44.000Z",
|
|
"pattern": "[domain-name:value = 'tjhangtai.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T14:20:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922f378-e0c0-48c1-897a-471f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T14:19:36.000Z",
|
|
"modified": "2017-05-22T14:19:36.000Z",
|
|
"description": "electua.org",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '193.110.162.146']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T14:19:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5922f379-74b0-4dc4-8a6e-493e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-26T12:57:16.000Z",
|
|
"modified": "2017-05-26T12:57:16.000Z",
|
|
"first_observed": "2017-05-26T12:57:16Z",
|
|
"last_observed": "2017-05-26T12:57:16Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5922f379-74b0-4dc4-8a6e-493e950d210f",
|
|
"ipv4-addr--5922f379-74b0-4dc4-8a6e-493e950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5922f379-74b0-4dc4-8a6e-493e950d210f",
|
|
"dst_ref": "ipv4-addr--5922f379-74b0-4dc4-8a6e-493e950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5922f379-74b0-4dc4-8a6e-493e950d210f",
|
|
"value": "27.123.25.1"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5922f379-5778-475a-b239-482c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-26T12:57:15.000Z",
|
|
"modified": "2017-05-26T12:57:15.000Z",
|
|
"first_observed": "2017-05-26T12:57:15Z",
|
|
"last_observed": "2017-05-26T12:57:15Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5922f379-5778-475a-b239-482c950d210f",
|
|
"ipv4-addr--5922f379-5778-475a-b239-482c950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5922f379-5778-475a-b239-482c950d210f",
|
|
"dst_ref": "ipv4-addr--5922f379-5778-475a-b239-482c950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5922f379-5778-475a-b239-482c950d210f",
|
|
"value": "184.168.221.1"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5922f379-55cc-4bed-8b29-4670950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-26T12:57:15.000Z",
|
|
"modified": "2017-05-26T12:57:15.000Z",
|
|
"first_observed": "2017-05-26T12:57:15Z",
|
|
"last_observed": "2017-05-26T12:57:15Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5922f379-55cc-4bed-8b29-4670950d210f",
|
|
"ipv4-addr--5922f379-55cc-4bed-8b29-4670950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5922f379-55cc-4bed-8b29-4670950d210f",
|
|
"dst_ref": "ipv4-addr--5922f379-55cc-4bed-8b29-4670950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5922f379-55cc-4bed-8b29-4670950d210f",
|
|
"value": "69.90.160.230"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922f37a-2fb0-41ec-b08a-4bf0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T14:19:38.000Z",
|
|
"modified": "2017-05-22T14:19:38.000Z",
|
|
"description": "tjhangtai.com",
|
|
"pattern": "[network-traffic:dst_ref.type = 'ipv4-addr' AND network-traffic:dst_ref.value = '67.222.47.155']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T14:19:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922f37a-8780-4a14-aaaa-4682950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T14:20:44.000Z",
|
|
"modified": "2017-05-22T14:20:44.000Z",
|
|
"pattern": "[url:value = 'http://electua.org/jhg6fgh']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T14:20:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922f37b-b8c4-4745-ab98-45c3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T14:20:44.000Z",
|
|
"modified": "2017-05-22T14:20:44.000Z",
|
|
"pattern": "[url:value = 'http://everstruct.com.au/jhg6fgh']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T14:20:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922f37b-70d8-43b5-9105-4dfe950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T14:20:44.000Z",
|
|
"modified": "2017-05-22T14:20:44.000Z",
|
|
"pattern": "[url:value = 'http://thegardiners.ca/jhg6fgh']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T14:20:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5922f37c-2874-47c0-b989-4e87950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-22T14:20:44.000Z",
|
|
"modified": "2017-05-22T14:20:44.000Z",
|
|
"pattern": "[url:value = 'http://tjhangtai.com/jhg6fgh']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-22T14:20:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5923f4b3-5c94-495f-a664-4103950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-23T08:37:57.000Z",
|
|
"modified": "2017-05-23T08:37:57.000Z",
|
|
"pattern": "[domain-name:value = 'dewatch.de']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-23T08:37:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5923f4b3-6d2c-4f74-a048-43e7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-23T08:37:57.000Z",
|
|
"modified": "2017-05-23T08:37:57.000Z",
|
|
"pattern": "[domain-name:value = 'way2lab.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-23T08:37:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5923f4b4-00ec-48d3-bc5f-4524950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-26T12:57:11.000Z",
|
|
"modified": "2017-05-26T12:57:11.000Z",
|
|
"first_observed": "2017-05-26T12:57:11Z",
|
|
"last_observed": "2017-05-26T12:57:11Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5923f4b4-00ec-48d3-bc5f-4524950d210f",
|
|
"ipv4-addr--5923f4b4-00ec-48d3-bc5f-4524950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5923f4b4-00ec-48d3-bc5f-4524950d210f",
|
|
"dst_ref": "ipv4-addr--5923f4b4-00ec-48d3-bc5f-4524950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5923f4b4-00ec-48d3-bc5f-4524950d210f",
|
|
"value": "81.169.145.105"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5923f4b4-99ac-4089-8b24-4a69950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-26T12:57:16.000Z",
|
|
"modified": "2017-05-26T12:57:16.000Z",
|
|
"first_observed": "2017-05-26T12:57:16Z",
|
|
"last_observed": "2017-05-26T12:57:16Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5923f4b4-99ac-4089-8b24-4a69950d210f",
|
|
"ipv4-addr--5923f4b4-99ac-4089-8b24-4a69950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5923f4b4-99ac-4089-8b24-4a69950d210f",
|
|
"dst_ref": "ipv4-addr--5923f4b4-99ac-4089-8b24-4a69950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5923f4b4-99ac-4089-8b24-4a69950d210f",
|
|
"value": "184.168.221.30"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5923f4b5-fa90-4f25-ad9f-4b5c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-26T12:57:16.000Z",
|
|
"modified": "2017-05-26T12:57:16.000Z",
|
|
"first_observed": "2017-05-26T12:57:16Z",
|
|
"last_observed": "2017-05-26T12:57:16Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5923f4b5-fa90-4f25-ad9f-4b5c950d210f",
|
|
"ipv4-addr--5923f4b5-fa90-4f25-ad9f-4b5c950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5923f4b5-fa90-4f25-ad9f-4b5c950d210f",
|
|
"dst_ref": "ipv4-addr--5923f4b5-fa90-4f25-ad9f-4b5c950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5923f4b5-fa90-4f25-ad9f-4b5c950d210f",
|
|
"value": "31.22.4.236"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5923f4b5-b050-45e7-8551-45cf950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-23T08:37:57.000Z",
|
|
"modified": "2017-05-23T08:37:57.000Z",
|
|
"pattern": "[url:value = 'http://dewatch.de/jhg6fgh']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-23T08:37:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5923f4b6-1894-4f78-a383-4fb8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-23T08:37:57.000Z",
|
|
"modified": "2017-05-23T08:37:57.000Z",
|
|
"pattern": "[url:value = 'http://way2lab.com/jhg6fgh']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-23T08:37:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |