{
|
|
"type": "bundle",
|
|
"id": "bundle--592c3a88-9578-4f8a-8540-4fa5950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:16:37.000Z",
|
|
"modified": "2017-05-29T15:16:37.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "grouping",
|
|
"spec_version": "2.1",
|
|
"id": "grouping--592c3a88-9578-4f8a-8540-4fa5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:16:37.000Z",
|
|
"modified": "2017-05-29T15:16:37.000Z",
|
|
"name": "M2M - Fwd: Servers associated with port 23 scanning activity",
|
|
"context": "suspicious-activity",
|
|
"object_refs": [
|
|
"indicator--592c3a9e-a088-4dfd-9646-468d950d210f",
|
|
"indicator--592c3a9e-7cc0-4dac-b2b3-482e950d210f",
|
|
"indicator--592c3a9d-948c-4d0c-88ff-4fcf950d210f",
|
|
"indicator--592c3a9c-819c-486b-9d58-46cb950d210f",
|
|
"indicator--592c3a9b-b648-4f17-8ee0-43ca950d210f",
|
|
"indicator--592c3a99-a130-4b4a-bee5-46b2950d210f",
|
|
"indicator--592c3a98-241c-482d-9df3-4bdf950d210f",
|
|
"indicator--592c3a98-1394-4c6e-a991-4626950d210f",
|
|
"indicator--592c3a97-de00-4efc-a3ae-4b03950d210f",
|
|
"indicator--592c3a96-d5e8-4346-bd13-c158950d210f",
|
|
"indicator--592c3a94-4eb0-4925-b255-4c6d950d210f",
|
|
"indicator--592c3a94-8bb4-4f1c-bfa4-46e9950d210f",
|
|
"indicator--592c3a92-9014-4627-9b47-42bb950d210f",
|
|
"indicator--592c3a92-3968-47e5-84ab-4b89950d210f",
|
|
"indicator--592c3a91-3fb4-4a4b-a218-4ae7950d210f",
|
|
"indicator--592c3a96-eba4-4c83-8660-4755950d210f",
|
|
"indicator--592c3a95-d948-408b-b512-4d2b950d210f",
|
|
"indicator--592c3a90-cb18-4deb-86fc-4ac9950d210f",
|
|
"indicator--592c3a90-2a70-496a-b054-4804950d210f",
|
|
"indicator--592c3a8f-34dc-43cb-992a-4290950d210f",
|
|
"indicator--592c3a8e-5e48-49ef-a9ff-4693950d210f",
|
|
"indicator--592c3a8e-ade0-45c5-aa3b-48b3950d210f",
|
|
"indicator--592c3a8d-db14-4cd8-889b-46d6950d210f",
|
|
"indicator--592c3a8c-7468-4c24-a954-4275950d210f",
|
|
"indicator--592c3a8c-a640-4f63-af2c-4a81950d210f",
|
|
"indicator--592c3a8b-880c-4cd5-9606-4f51950d210f",
|
|
"indicator--592c3a8a-e75c-48a8-9f1c-4ad7950d210f",
|
|
"indicator--592c3a8a-e2b8-445f-89f2-c158950d210f",
|
|
"indicator--592c3aa2-8f48-4082-a39d-4602950d210f",
|
|
"indicator--592c3aa2-e91c-43b4-8cb5-4c63950d210f",
|
|
"indicator--592c3a9f-5528-40ca-aa4b-41aa950d210f",
|
|
"indicator--592c3aa0-0d64-44b6-9427-489c950d210f",
|
|
"indicator--592c3aa0-d690-4a37-83a7-4b2c950d210f",
|
|
"indicator--592c3aa1-45e4-489d-bbaf-4f5f950d210f",
|
|
"indicator--592c3aa4-e528-4836-a77e-4dec950d210f",
|
|
"indicator--592c3aa4-8854-48eb-9e33-41eb950d210f",
|
|
"indicator--592c3aa3-405c-4368-9b5c-46d0950d210f",
|
|
"indicator--592c3aa5-a4a0-4874-b929-4f7e950d210f",
|
|
"indicator--592c3aa6-3bd8-45ea-a6d8-4b4e950d210f",
|
|
"indicator--592c3aa6-adb0-4974-9d91-4c48950d210f",
|
|
"indicator--592c3aa7-0a64-4dd1-8618-47eb950d210f",
|
|
"indicator--592c3aa8-6e28-4276-a8e4-4744950d210f",
|
|
"indicator--592c3aa9-2a50-4c14-b55b-458a950d210f",
|
|
"indicator--592c3aa9-2060-4bd9-a02f-4b59950d210f",
|
|
"indicator--592c3aaa-64e4-44c6-9a56-4fa7950d210f",
|
|
"indicator--592c3aab-2ba8-46d0-b5b3-4003950d210f",
|
|
"indicator--592c3aab-57c0-44ad-b41c-4559950d210f",
|
|
"indicator--592c3aac-5e50-4cc6-b3ab-4917950d210f",
|
|
"indicator--592c3aad-70b0-430b-8399-4514950d210f",
|
|
"indicator--592c3aad-32cc-407f-914c-4e92950d210f",
|
|
"indicator--592c3aae-ef94-4f8d-962d-4954950d210f",
|
|
"indicator--592c3aaf-0f70-4294-98df-40dd950d210f",
|
|
"indicator--592c3ab0-404c-4343-9009-42a1950d210f",
|
|
"indicator--592c3ab0-9748-4f88-8745-41b5950d210f",
|
|
"indicator--592c3ab1-e714-441b-b9ec-4d06950d210f",
|
|
"indicator--592c3ab2-2bb8-4d38-b2bc-c158950d210f",
|
|
"indicator--592c3ab2-a394-4f41-8e45-421e950d210f",
|
|
"indicator--592c3ab3-c960-4324-b5e6-4705950d210f",
|
|
"indicator--592c3ab4-0a54-497d-8ee5-4696950d210f",
|
|
"indicator--592c3ab5-7ca0-4f1e-9c02-4c86950d210f",
|
|
"indicator--592c3ab5-3b58-4f98-8d3d-4b1b950d210f",
|
|
"indicator--592c3ab6-04bc-44f5-a4d1-4cde950d210f",
|
|
"indicator--592c3ab7-de74-42db-a5d3-4eee950d210f",
|
|
"indicator--592c3ab7-aae4-44ae-b2fd-4e71950d210f",
|
|
"indicator--592c3ab8-2678-4d2c-8283-41d9950d210f",
|
|
"indicator--592c3ab9-850c-4714-b082-4a08950d210f",
|
|
"indicator--592c3ab9-dc48-4836-b187-46d1950d210f",
|
|
"indicator--592c3aba-0a3c-40dc-becd-4885950d210f",
|
|
"indicator--592c3abc-9c68-49eb-a2db-44f9950d210f",
|
|
"indicator--592c3abc-39a4-403d-9dfb-4ee7950d210f",
|
|
"indicator--592c3abd-224c-4f8f-99f2-4030950d210f",
|
|
"indicator--592c3abe-9420-40d4-9dd4-4f69950d210f",
|
|
"indicator--592c3abe-0a64-45ab-a252-4777950d210f",
|
|
"indicator--592c3abf-6df8-400b-be2c-4bb5950d210f",
|
|
"indicator--592c3ac0-f1d8-4912-8dbb-487f950d210f",
|
|
"indicator--592c3ac0-090c-485a-8aa7-49ad950d210f",
|
|
"indicator--592c3ac1-f4bc-4a86-8abb-4288950d210f",
|
|
"indicator--592c3ac2-6244-409d-9b9e-4d72950d210f",
|
|
"indicator--592c3ac2-89e8-4629-8d90-c158950d210f",
|
|
"indicator--592c3ac3-fb68-452c-8432-42c8950d210f",
|
|
"indicator--592c3ac4-6e88-4247-aa22-4af9950d210f",
|
|
"indicator--592c3ac5-8978-4cba-8aa0-4a0d950d210f",
|
|
"indicator--592c3ac6-480c-4d2d-a85d-43f7950d210f",
|
|
"indicator--592c3ac6-4bb4-421c-813d-4ff2950d210f",
|
|
"indicator--592c3ac7-670c-41c8-92ab-c158950d210f",
|
|
"indicator--592c3ac8-8284-4309-9fc1-4265950d210f",
|
|
"indicator--592c3ac8-68a0-4222-898e-4743950d210f",
|
|
"indicator--592c3ac9-e690-4dbf-b015-4504950d210f",
|
|
"indicator--592c3aca-fa60-4565-bfce-491a950d210f",
|
|
"indicator--592c3aca-1114-4cc8-9605-4043950d210f",
|
|
"indicator--592c3acb-c98c-4ed0-87eb-4a4f950d210f",
|
|
"indicator--592c3acc-d300-458d-9516-4d12950d210f",
|
|
"indicator--592c3acd-137c-4357-811b-4b85950d210f",
|
|
"indicator--592c3acd-cefc-4072-804f-41a6950d210f",
|
|
"indicator--592c3ace-67f0-4ad4-97e2-43e9950d210f",
|
|
"indicator--592c3acf-7e70-4554-93c8-40ce950d210f",
|
|
"indicator--592c3ad0-3578-4577-8aa2-c158950d210f",
|
|
"indicator--592c3ad1-a408-4cd3-84c2-4f82950d210f",
|
|
"indicator--592c3ad1-8efc-48ee-8ef2-428a950d210f",
|
|
"indicator--592c3ad2-d8f0-4ec0-93be-4ca7950d210f",
|
|
"indicator--592c3ad4-19e0-44db-bcd5-4ec2950d210f",
|
|
"indicator--592c3ad5-31a8-4ac1-9abc-45fa950d210f",
|
|
"indicator--592c3ad6-e668-4895-811c-4be6950d210f",
|
|
"indicator--592c3ad6-b5a8-40cd-a9da-41e7950d210f",
|
|
"indicator--592c3ad7-d7b0-452e-99f9-4684950d210f",
|
|
"indicator--592c3ad8-9fac-4bac-a4d6-41a7950d210f",
|
|
"indicator--592c3ad8-5858-408b-ab26-4a34950d210f",
|
|
"indicator--592c3ada-9354-4d98-8d74-4e0c950d210f",
|
|
"indicator--592c3ada-5000-40d8-9d4a-42a5950d210f",
|
|
"indicator--592c3adb-ead4-410f-b65e-417b950d210f",
|
|
"indicator--592c3adc-b424-4fa7-8d05-40c1950d210f",
|
|
"indicator--592c3adc-3858-483c-8597-4c1c950d210f",
|
|
"indicator--592c3add-f57c-4b7c-8022-4906950d210f",
|
|
"indicator--592c3ade-0900-434f-a2f2-4de3950d210f",
|
|
"indicator--592c3ade-01c8-44e6-8e99-499a950d210f",
|
|
"indicator--592c3adf-f918-4f0a-bc0a-41f0950d210f",
|
|
"indicator--592c3ae0-8498-4356-9fbf-424c950d210f",
|
|
"indicator--592c3ae0-160c-47e2-8780-4f8d950d210f",
|
|
"indicator--592c3ae1-61c0-4b5b-995f-4011950d210f",
|
|
"indicator--592c3ae2-abcc-4065-aabf-485a950d210f",
|
|
"indicator--592c3ae2-beec-4f1e-86ce-4381950d210f",
|
|
"indicator--592c3ae4-0f44-4fbd-bb2a-43a5950d210f",
|
|
"indicator--592c3ae4-69a0-42a7-af85-4de6950d210f",
|
|
"indicator--592c3ae5-f280-4add-94a8-43a9950d210f",
|
|
"indicator--592c3ae6-4238-4129-8fe2-443b950d210f",
|
|
"indicator--592c3ae6-fa08-42ed-b706-40df950d210f",
|
|
"indicator--592c3ae7-2728-4d71-a44d-4e6e950d210f",
|
|
"indicator--592c3ae8-cda8-4c90-8718-4787950d210f",
|
|
"indicator--592c3ae9-42d0-4708-b661-4950950d210f",
|
|
"observed-data--592c3ae9-90e8-4178-b7cf-4112950d210f",
|
|
"network-traffic--592c3ae9-90e8-4178-b7cf-4112950d210f",
|
|
"ipv4-addr--592c3ae9-90e8-4178-b7cf-4112950d210f",
|
|
"indicator--592c3aea-a134-4934-a003-4747950d210f",
|
|
"indicator--592c3aeb-36c0-415b-9258-4b77950d210f",
|
|
"observed-data--592c3aec-f174-415c-bb9b-4c72950d210f",
|
|
"network-traffic--592c3aec-f174-415c-bb9b-4c72950d210f",
|
|
"ipv4-addr--592c3aec-f174-415c-bb9b-4c72950d210f",
|
|
"indicator--592c3aec-dfec-47a3-972d-4763950d210f",
|
|
"observed-data--592c3aee-e358-4b68-bd36-48ac950d210f",
|
|
"network-traffic--592c3aee-e358-4b68-bd36-48ac950d210f",
|
|
"ipv4-addr--592c3aee-e358-4b68-bd36-48ac950d210f",
|
|
"indicator--592c3aef-c4bc-487c-acdc-4baf950d210f",
|
|
"indicator--592c3aef-1bc4-45f1-939a-4e21950d210f",
|
|
"observed-data--592c3af0-1060-4a1f-9312-4d25950d210f",
|
|
"network-traffic--592c3af0-1060-4a1f-9312-4d25950d210f",
|
|
"ipv4-addr--592c3af0-1060-4a1f-9312-4d25950d210f",
|
|
"indicator--592c3af1-4924-447f-a1ea-44ad950d210f",
|
|
"indicator--592c3af1-aa70-44c2-a4d3-46a6950d210f",
|
|
"indicator--592c3af2-2e48-4363-90d5-470f950d210f",
|
|
"indicator--592c3af3-85e8-451b-bd41-4b22950d210f",
|
|
"indicator--592c3af3-8f98-4260-a3da-4ebe950d210f",
|
|
"observed-data--592c3af4-9e5c-4d10-9597-45a0950d210f",
|
|
"network-traffic--592c3af4-9e5c-4d10-9597-45a0950d210f",
|
|
"ipv4-addr--592c3af4-9e5c-4d10-9597-45a0950d210f",
|
|
"indicator--592c3af5-5168-4c09-a197-44a1950d210f",
|
|
"indicator--592c3af6-149c-41e9-ace4-4069950d210f",
|
|
"observed-data--592c3af7-1a84-4ba8-909b-44b0950d210f",
|
|
"network-traffic--592c3af7-1a84-4ba8-909b-44b0950d210f",
|
|
"ipv4-addr--592c3af7-1a84-4ba8-909b-44b0950d210f",
|
|
"indicator--592c3af7-cccc-41a5-b4d5-4e83950d210f",
|
|
"observed-data--592c3af8-2648-49f9-9afd-4c22950d210f",
|
|
"network-traffic--592c3af8-2648-49f9-9afd-4c22950d210f",
|
|
"ipv4-addr--592c3af8-2648-49f9-9afd-4c22950d210f",
|
|
"indicator--592c3af9-9250-4f37-835d-4019950d210f",
|
|
"observed-data--592c3afa-c9ac-4d8f-846b-4229950d210f",
|
|
"network-traffic--592c3afa-c9ac-4d8f-846b-4229950d210f",
|
|
"ipv4-addr--592c3afa-c9ac-4d8f-846b-4229950d210f",
|
|
"indicator--592c3afb-0320-4cce-982f-c158950d210f",
|
|
"indicator--592c3afc-069c-4d71-ad0f-4ab3950d210f",
|
|
"observed-data--592c3afd-fc10-4240-9cf9-4267950d210f",
|
|
"network-traffic--592c3afd-fc10-4240-9cf9-4267950d210f",
|
|
"ipv4-addr--592c3afd-fc10-4240-9cf9-4267950d210f",
|
|
"indicator--592c3afe-df50-4fd0-8473-4a4a950d210f",
|
|
"observed-data--592c3afe-6990-4102-92f9-4cf6950d210f",
|
|
"network-traffic--592c3afe-6990-4102-92f9-4cf6950d210f",
|
|
"ipv4-addr--592c3afe-6990-4102-92f9-4cf6950d210f",
|
|
"indicator--592c3aff-44b4-4c69-b162-c158950d210f",
|
|
"indicator--592c3b00-5d7c-43ae-9aee-4169950d210f",
|
|
"observed-data--592c3b00-54b0-4c02-bc81-4096950d210f",
|
|
"network-traffic--592c3b00-54b0-4c02-bc81-4096950d210f",
|
|
"ipv4-addr--592c3b00-54b0-4c02-bc81-4096950d210f",
|
|
"indicator--592c3b02-86a0-498a-9a1e-482b950d210f",
|
|
"indicator--592c3b02-cc88-4605-b5a8-4688950d210f",
|
|
"observed-data--592c3b03-03c4-4316-be41-421d950d210f",
|
|
"network-traffic--592c3b03-03c4-4316-be41-421d950d210f",
|
|
"ipv4-addr--592c3b03-03c4-4316-be41-421d950d210f",
|
|
"indicator--592c3b04-a7e4-4bd9-834d-426f950d210f",
|
|
"observed-data--592c3b04-24f4-4ad2-88cc-c158950d210f",
|
|
"network-traffic--592c3b04-24f4-4ad2-88cc-c158950d210f",
|
|
"ipv4-addr--592c3b04-24f4-4ad2-88cc-c158950d210f",
|
|
"indicator--592c3b05-1c58-482b-90aa-4478950d210f",
|
|
"observed-data--592c3b06-056c-4ede-8ce0-4609950d210f",
|
|
"network-traffic--592c3b06-056c-4ede-8ce0-4609950d210f",
|
|
"ipv4-addr--592c3b06-056c-4ede-8ce0-4609950d210f",
|
|
"indicator--592c3b06-ecb0-4621-804b-4e41950d210f",
|
|
"observed-data--592c3b07-bda8-4b20-91c1-440e950d210f",
|
|
"network-traffic--592c3b07-bda8-4b20-91c1-440e950d210f",
|
|
"ipv4-addr--592c3b07-bda8-4b20-91c1-440e950d210f",
|
|
"indicator--592c3b08-fb18-48e9-ba48-4606950d210f",
|
|
"observed-data--592c3b09-97f8-4c2c-aa38-435b950d210f",
|
|
"network-traffic--592c3b09-97f8-4c2c-aa38-435b950d210f",
|
|
"ipv4-addr--592c3b09-97f8-4c2c-aa38-435b950d210f",
|
|
"indicator--592c3b0a-60d4-48e6-aaea-476d950d210f",
|
|
"indicator--592c3b0c-ab70-4061-b429-4b00950d210f",
|
|
"observed-data--592c3b0c-4164-4379-96ea-4708950d210f",
|
|
"network-traffic--592c3b0c-4164-4379-96ea-4708950d210f",
|
|
"ipv4-addr--592c3b0c-4164-4379-96ea-4708950d210f",
|
|
"indicator--592c3b0d-840c-44b7-b55e-4a0e950d210f",
|
|
"indicator--592c3b0e-2d80-467d-ab0c-4fd3950d210f",
|
|
"observed-data--592c3b0e-0810-46bc-9294-40f1950d210f",
|
|
"network-traffic--592c3b0e-0810-46bc-9294-40f1950d210f",
|
|
"ipv4-addr--592c3b0e-0810-46bc-9294-40f1950d210f",
|
|
"indicator--592c3b0f-6808-429d-845b-422e950d210f",
|
|
"indicator--592c3b10-1fa0-41e2-a7d8-482d950d210f",
|
|
"indicator--592c3b10-40f4-469b-9e5e-4412950d210f",
|
|
"indicator--592c3b11-b494-4011-a239-4411950d210f",
|
|
"observed-data--592c3b12-a7c0-4118-bf7c-4c74950d210f",
|
|
"network-traffic--592c3b12-a7c0-4118-bf7c-4c74950d210f",
|
|
"ipv4-addr--592c3b12-a7c0-4118-bf7c-4c74950d210f",
|
|
"indicator--592c3b12-7e94-431d-ac74-4515950d210f",
|
|
"indicator--592c3b13-6b00-4bc2-9969-4d1a950d210f",
|
|
"indicator--592c3b14-8a70-4648-9be2-4bd8950d210f",
|
|
"observed-data--592c3b15-a94c-4569-acad-c158950d210f",
|
|
"network-traffic--592c3b15-a94c-4569-acad-c158950d210f",
|
|
"ipv4-addr--592c3b15-a94c-4569-acad-c158950d210f",
|
|
"indicator--592c3b16-aba4-48b4-9cc4-46f3950d210f",
|
|
"indicator--592c3b17-8800-4416-a287-4467950d210f",
|
|
"indicator--592c3b18-c610-4f7c-9f63-4ddf950d210f",
|
|
"indicator--592c3b19-0708-4363-8905-4410950d210f",
|
|
"indicator--592c3b1a-1b1c-49de-b546-48b4950d210f",
|
|
"indicator--592c3b1b-bc4c-40e6-b9b0-c158950d210f",
|
|
"indicator--592c3b1c-3c74-415c-abde-4453950d210f",
|
|
"indicator--592c3b1d-f974-4316-810d-4d26950d210f",
|
|
"indicator--592c3b1e-4c44-4eca-8337-4462950d210f",
|
|
"indicator--592c3b1f-c80c-4574-adb4-4aa0950d210f",
|
|
"indicator--592c3b21-f840-4f3b-aaac-c158950d210f",
|
|
"indicator--592c3b22-514c-4ac9-8d28-441e950d210f",
|
|
"indicator--592c3b24-53c4-4a79-ab18-4404950d210f",
|
|
"indicator--592c3b24-66d8-4515-84c0-44f0950d210f",
|
|
"indicator--592c3b25-00c0-4370-9cf1-4dfe950d210f",
|
|
"indicator--592c3b26-ec8c-44ff-bfa5-c158950d210f",
|
|
"indicator--592c3b27-d4d4-4305-af0a-4fd5950d210f",
|
|
"indicator--592c3b27-d89c-4356-bfe1-46a5950d210f",
|
|
"indicator--592c3b28-49c4-4632-8b9b-44c2950d210f",
|
|
"indicator--592c3b2a-8a28-49e4-9e36-42de950d210f",
|
|
"indicator--592c3b2a-53e0-4c57-a808-4796950d210f",
|
|
"indicator--592c3b2b-1988-4839-bb64-4fc8950d210f",
|
|
"indicator--592c3b2c-c4a4-41ff-9d0e-434b950d210f",
|
|
"indicator--592c3b2d-c1d0-4575-8a58-c158950d210f",
|
|
"indicator--592c3b2e-15c4-45ca-aa00-4606950d210f",
|
|
"indicator--592c3b2f-2e94-41c0-b851-4be4950d210f",
|
|
"indicator--592c3b30-4ad8-4584-a5ee-441c950d210f",
|
|
"indicator--592c3b30-76d4-43ff-8e5a-4251950d210f",
|
|
"indicator--592c3b31-e914-4706-8350-4135950d210f",
|
|
"indicator--592c3b32-59b0-4297-a708-4975950d210f",
|
|
"indicator--592c3b33-c148-4353-8452-4ea6950d210f",
|
|
"indicator--592c3b34-e7f0-4711-ba61-4c8c950d210f",
|
|
"indicator--592c3b35-3730-4b53-93d9-c158950d210f",
|
|
"observed-data--592c3b36-1fbc-42f5-8fbc-40fc950d210f",
|
|
"network-traffic--592c3b36-1fbc-42f5-8fbc-40fc950d210f",
|
|
"ipv4-addr--592c3b36-1fbc-42f5-8fbc-40fc950d210f",
|
|
"indicator--592c3b37-46f8-472f-afd3-4585950d210f",
|
|
"indicator--592c3b37-5958-4aea-b5c4-4408950d210f",
|
|
"indicator--592c3b38-f870-463f-b3d4-425e950d210f",
|
|
"indicator--592c3b39-aa3c-4f43-ae8f-43a4950d210f",
|
|
"indicator--592c3b3a-dfdc-4154-bddb-40d9950d210f",
|
|
"indicator--592c3b3b-b35c-4087-bcd3-4511950d210f",
|
|
"indicator--592c3b3b-a414-4199-9bcb-4131950d210f",
|
|
"indicator--592c3b3c-54b4-436c-9066-4532950d210f",
|
|
"indicator--592c3b3e-7638-4c97-b577-c158950d210f",
|
|
"indicator--592c3b3f-d1f0-49e6-8189-41c6950d210f",
|
|
"indicator--592c3b40-27cc-404d-b73b-4c1e950d210f",
|
|
"indicator--592c3b41-15b8-4c82-a07c-4540950d210f",
|
|
"observed-data--592c3b42-52ac-49f6-8e48-4a02950d210f",
|
|
"network-traffic--592c3b42-52ac-49f6-8e48-4a02950d210f",
|
|
"ipv4-addr--592c3b42-52ac-49f6-8e48-4a02950d210f",
|
|
"indicator--592c3b42-d5e4-4d6b-bde2-4762950d210f",
|
|
"indicator--592c3b43-84a8-4240-b9f2-4eb7950d210f",
|
|
"indicator--592c3b44-ee00-4158-9e7c-48fc950d210f",
|
|
"observed-data--592c3b44-170c-45bf-90fa-4a7e950d210f",
|
|
"network-traffic--592c3b44-170c-45bf-90fa-4a7e950d210f",
|
|
"ipv4-addr--592c3b44-170c-45bf-90fa-4a7e950d210f",
|
|
"indicator--592c3b46-6f04-491f-a0e1-4c3b950d210f",
|
|
"indicator--592c3b46-8894-48a3-8279-4c7f950d210f",
|
|
"indicator--592c3b48-0da4-4bd4-86ed-420e950d210f",
|
|
"indicator--592c3b48-5810-4f5c-a4be-4463950d210f",
|
|
"indicator--592c3b49-dbf0-4f54-8c8f-48fe950d210f",
|
|
"indicator--592c3b4a-e85c-4a7d-9902-4183950d210f",
|
|
"indicator--592c3b4a-808c-4ebe-ba58-49c2950d210f",
|
|
"indicator--592c3b4b-e574-4989-a0b8-4c04950d210f",
|
|
"indicator--592c3b4c-cbbc-47fc-aaa9-4e7d950d210f",
|
|
"indicator--592c3b4d-ae84-4238-af27-48b5950d210f",
|
|
"indicator--592c3b4d-08c4-423a-a202-47bc950d210f",
|
|
"indicator--592c3b51-449c-4c5b-9345-4fbd950d210f",
|
|
"observed-data--592c3b52-84d0-4206-acf9-4d50950d210f",
|
|
"network-traffic--592c3b52-84d0-4206-acf9-4d50950d210f",
|
|
"ipv4-addr--592c3b52-84d0-4206-acf9-4d50950d210f",
|
|
"indicator--592c3b52-5134-4c21-9592-4a3f950d210f",
|
|
"indicator--592c3b53-ab90-42d6-b11a-45fc950d210f",
|
|
"indicator--592c3b54-7784-4874-bce0-49d9950d210f",
|
|
"indicator--592c3b55-e1e8-4783-82a7-4ae5950d210f",
|
|
"indicator--592c3b55-a1bc-4f56-bef4-4acd950d210f"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3a9e-a088-4dfd-9646-468d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:34.000Z",
|
|
"modified": "2017-05-29T15:13:34.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '1d4575d5adc33445cbec610ad5e3479a0355a79c5c60ad923cb0fee1570e8c7c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3a9e-7cc0-4dac-b2b3-482e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:34.000Z",
|
|
"modified": "2017-05-29T15:13:34.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '2831c27005fc8a01c8524a3f81c6f144f4edc982b7e89f1b95c169896b287579']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3a9d-948c-4d0c-88ff-4fcf950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:33.000Z",
|
|
"modified": "2017-05-29T15:13:33.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '34303f3725bde832adf44019b84a9b81e7b5264b3c12c2770c294ba470b72323']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3a9c-819c-486b-9d58-46cb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:32.000Z",
|
|
"modified": "2017-05-29T15:13:32.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'd91365c23ec06335d39137620ac4fc9df8b050e10398d1fe639bae2d86f27ff9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3a9b-b648-4f17-8ee0-43ca950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:31.000Z",
|
|
"modified": "2017-05-29T15:13:31.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'f4f3e12566188886832411716074a33f62bfba8ee0c7eca1339fe68864d3e53b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3a99-a130-4b4a-bee5-46b2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:29.000Z",
|
|
"modified": "2017-05-29T15:13:29.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '7db5b6d8ca37dd0ac10b06a53f8d3f502332f591bc847bc39240c5cba0b64c7c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3a98-241c-482d-9df3-4bdf950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:28.000Z",
|
|
"modified": "2017-05-29T15:13:28.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '49111ccb44819f45f2c2122ea24a12eaa751a257541c9e5e2f4e6d0cfde9d72a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3a98-1394-4c6e-a991-4626950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:28.000Z",
|
|
"modified": "2017-05-29T15:13:28.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'f34107144d1e191b9b5c711aaa44b5f74117ed8cb12f02b0f6c8ef2cef4eec54']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3a97-de00-4efc-a3ae-4b03950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:27.000Z",
|
|
"modified": "2017-05-29T15:13:27.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'd83025661bfa1558efe70da2c7b523fafd48d56f905a0024ca02149c451d4bee']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3a96-d5e8-4346-bd13-c158950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:26.000Z",
|
|
"modified": "2017-05-29T15:13:26.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '09f68ccc03356e971af4e01930d4f7d65f5faf9c46f0f3a70052197e0bd7de61']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3a94-4eb0-4925-b255-4c6d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:24.000Z",
|
|
"modified": "2017-05-29T15:13:24.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '7676fad1d61ee073d93d4d7c4e1f3ccbe2ea5c970fb66b408c99c4d54068b612']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3a94-8bb4-4f1c-bfa4-46e9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:24.000Z",
|
|
"modified": "2017-05-29T15:13:24.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '929fdfa764bc7eb72b1cfaed26e759863700991b0c39ba180ee7d92736767f1b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3a92-9014-4627-9b47-42bb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:22.000Z",
|
|
"modified": "2017-05-29T15:13:22.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '23a3e1b662b12882fc2c605880766bec1e632e13b463371f880380f46d17bdc9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3a92-3968-47e5-84ab-4b89950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:22.000Z",
|
|
"modified": "2017-05-29T15:13:22.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'bf37e168202d36c169f71002a2f38fda081080913f8151a37db0bea0153e80f3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3a91-3fb4-4a4b-a218-4ae7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:21.000Z",
|
|
"modified": "2017-05-29T15:13:21.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '3f3a89d0fd83b16c40f4a26e06a789604a723b856a8cf7840a8ef711803cce91']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3a96-eba4-4c83-8660-4755950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:26.000Z",
|
|
"modified": "2017-05-29T15:13:26.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '504743a3ba7ed9adbd7197b7644e76fca840cb670d8b58e3446e4842c4243a5c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3a95-d948-408b-b512-4d2b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:25.000Z",
|
|
"modified": "2017-05-29T15:13:25.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'eca1d792e44f50b8e5432dce29c68f59d15864dd4b9bc3041c1e695c94bf02b6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3a90-cb18-4deb-86fc-4ac9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:20.000Z",
|
|
"modified": "2017-05-29T15:13:20.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '59e97441701878a1dfdd6da2bdbdd85ada82e87a372b36343d572c91c1a94d3d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3a90-2a70-496a-b054-4804950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:20.000Z",
|
|
"modified": "2017-05-29T15:13:20.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'c50943718847e87fe06451e65119feb8a88570a21c9312c49737807e9a667827']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3a8f-34dc-43cb-992a-4290950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:19.000Z",
|
|
"modified": "2017-05-29T15:13:19.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '488a5b2a5c66b16ddddd4d5fcf5db93eca6952954043478b1c6d46b7fb197cc6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3a8e-5e48-49ef-a9ff-4693950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:18.000Z",
|
|
"modified": "2017-05-29T15:13:18.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '6a2f6b28c125bffb1db9fa6b7fde1caa469d99b065475d8211dd92f78532c2d3']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3a8e-ade0-45c5-aa3b-48b3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:18.000Z",
|
|
"modified": "2017-05-29T15:13:18.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '1580ffa5974fd20a1ed4e3aff49558cb1ebe9d7e1152a58fbfeb190be6804412']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3a8d-db14-4cd8-889b-46d6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:17.000Z",
|
|
"modified": "2017-05-29T15:13:17.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'dae2dbd47fa7dd6937dc25b23e549e90cbd6608e4a7117c167d27583746fe469']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3a8c-7468-4c24-a954-4275950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:16.000Z",
|
|
"modified": "2017-05-29T15:13:16.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'b6bd59b9a92ce22f8e871eb50c2f45bd83dcb943b5a9e36562756011a921a624']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3a8c-a640-4f63-af2c-4a81950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:16.000Z",
|
|
"modified": "2017-05-29T15:13:16.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'fc4994de0fcc5c1a4ee8229ab27d17826319ca62e648e081a1028585e1e546b7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3a8b-880c-4cd5-9606-4f51950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:15.000Z",
|
|
"modified": "2017-05-29T15:13:15.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '89a169820777520c8f26de75cb768cf27b37482f980331a969a114ee85b4bdb2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3a8a-e75c-48a8-9f1c-4ad7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:14.000Z",
|
|
"modified": "2017-05-29T15:13:14.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '26bbb22b0f1971c73356ca6aa520fb4a94b347d28a95cdb3d953932542671c74']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3a8a-e2b8-445f-89f2-c158950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:14.000Z",
|
|
"modified": "2017-05-29T15:13:14.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '4d1d3017b11e0ec274843ebe0e46e95cd8be536fabfc402d158974fd108e71af']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3aa2-8f48-4082-a39d-4602950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:38.000Z",
|
|
"modified": "2017-05-29T15:13:38.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'dd34c55eda5bf1bcfb189f957173c4fc60a68d1b5bd73e844eba49ad0a414c4a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3aa2-e91c-43b4-8cb5-4c63950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:38.000Z",
|
|
"modified": "2017-05-29T15:13:38.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '36dfc8e7ff48cf14013c857cade05224321e548f7959257061aba396632c39f8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3a9f-5528-40ca-aa4b-41aa950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:35.000Z",
|
|
"modified": "2017-05-29T15:13:35.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'e0f3bcd3feeb05882dbd3a3ea46e55d7a3fa7f2c9729216e75863fe587ab8d72']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3aa0-0d64-44b6-9427-489c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:36.000Z",
|
|
"modified": "2017-05-29T15:13:36.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '0028a60cb275b3a1b71b3dd50deda4e80966f28ff8ba5360f0ad0d16769ef128']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3aa0-d690-4a37-83a7-4b2c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:36.000Z",
|
|
"modified": "2017-05-29T15:13:36.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '7cd2e1ce91629f18e7292047892bde90a327da6c32ea7c9284057b046b5e8370']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3aa1-45e4-489d-bbaf-4f5f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:37.000Z",
|
|
"modified": "2017-05-29T15:13:37.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'd047c8672d630c4bc0ee7baec367dec4f56f7ed09bd26265140c4798cd4d4e1c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3aa4-e528-4836-a77e-4dec950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:40.000Z",
|
|
"modified": "2017-05-29T15:13:40.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '6032fa8d9ab41ac02d746726f080fba18642826980ad26157f71934806346b8e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3aa4-8854-48eb-9e33-41eb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:40.000Z",
|
|
"modified": "2017-05-29T15:13:40.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '7420cbc362bb3c4ad2bca68f82fbfdfe2704bb5c0913b539ed6033b0d818eb6e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3aa3-405c-4368-9b5c-46d0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:39.000Z",
|
|
"modified": "2017-05-29T15:13:39.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '88df93af98dc84b4e515c1a123862a0c342d6d051b092788762b450c01851c74']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3aa5-a4a0-4874-b929-4f7e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:41.000Z",
|
|
"modified": "2017-05-29T15:13:41.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '8a0ce3e2adefd898ab70693e69ed84c25ce96b3ca1660b40d8cb3cfacfb4bcef']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3aa6-3bd8-45ea-a6d8-4b4e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:42.000Z",
|
|
"modified": "2017-05-29T15:13:42.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'efdcbbff66d74281a0262eef5180b4540860252cd0c8b9895c975d03fe3f1dbc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3aa6-adb0-4974-9d91-4c48950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:42.000Z",
|
|
"modified": "2017-05-29T15:13:42.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'ba43f4cc9e15b59a3da7df13c2d35d2e5bcfb6584fba52cb3c7175edbdd02980']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3aa7-0a64-4dd1-8618-47eb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:43.000Z",
|
|
"modified": "2017-05-29T15:13:43.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '9ebf0ca6f2150456059ec598c25274ff1b1dd1deb392a089064a704f6df985e9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3aa8-6e28-4276-a8e4-4744950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:44.000Z",
|
|
"modified": "2017-05-29T15:13:44.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '7b49af00b9fff8177cce148868612defd9053891dc6964ae6d258c003b7ea586']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3aa9-2a50-4c14-b55b-458a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:45.000Z",
|
|
"modified": "2017-05-29T15:13:45.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'c895d1553ea309193628adbeaca7c8fb8f52a6c70ade5ac1838778730ada266b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3aa9-2060-4bd9-a02f-4b59950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:45.000Z",
|
|
"modified": "2017-05-29T15:13:45.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '6c71445a77d08e648effa0e8b45b4e6fe8827088222dd1f06b58ec50fc28b004']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3aaa-64e4-44c6-9a56-4fa7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:46.000Z",
|
|
"modified": "2017-05-29T15:13:46.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'a79c444edd3ef619f3d54e1e92d551b858eaf36585e1c53b64300e70c212ba55']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3aab-2ba8-46d0-b5b3-4003950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:47.000Z",
|
|
"modified": "2017-05-29T15:13:47.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'a50dcd0f2512881031c176640ae89f23950eb2dd4b13c5084df6d80a513603b4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3aab-57c0-44ad-b41c-4559950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:47.000Z",
|
|
"modified": "2017-05-29T15:13:47.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'b1c0888704425429281c825ea4be8b412f1f08b507d41a035cf637424aa39dc9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3aac-5e50-4cc6-b3ab-4917950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:48.000Z",
|
|
"modified": "2017-05-29T15:13:48.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '1e4ea9541f937d77ed52552120262a74b2b029c5dc65028b8449fdfc515d1f0e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3aad-70b0-430b-8399-4514950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:49.000Z",
|
|
"modified": "2017-05-29T15:13:49.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '1b20df8df7f84ad29d81ccbe276f49a6488c2214077b13da858656c027531c80']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3aad-32cc-407f-914c-4e92950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:49.000Z",
|
|
"modified": "2017-05-29T15:13:49.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '3a85174be47f280304e515fd9ff358ee801d77bd9267993a0f6322e513676ea5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3aae-ef94-4f8d-962d-4954950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:50.000Z",
|
|
"modified": "2017-05-29T15:13:50.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '401ae7f71bfd16f5343c2ab6396e8e3e9e6c1ac29a1d0467b6bf102d01bbfbfd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3aaf-0f70-4294-98df-40dd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:51.000Z",
|
|
"modified": "2017-05-29T15:13:51.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'ff3a5cb82c0d5b894eda17fe4288029ebc1bb5371e3cea6afca963abb0dd85c9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ab0-404c-4343-9009-42a1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:52.000Z",
|
|
"modified": "2017-05-29T15:13:52.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'd5056a766c12ab50404fcade3572adae2b9bd716dbc41c4ccb73e1d154e45852']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ab0-9748-4f88-8745-41b5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:52.000Z",
|
|
"modified": "2017-05-29T15:13:52.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '5819f7d87695a52c407f8cbba1028f8bccf5144e4005fec5d8fbabe43bb61c94']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ab1-e714-441b-b9ec-4d06950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:53.000Z",
|
|
"modified": "2017-05-29T15:13:53.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '2ba49f48d16dfffbaf4065b83f483f17f98344e08d9f94d8d552442c03b1ab20']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:53Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ab2-2bb8-4d38-b2bc-c158950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:54.000Z",
|
|
"modified": "2017-05-29T15:13:54.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'e99e0aaf085c6a0569624345e67b4f546597494e8a65c2ef1f7b07755b8c6949']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ab2-a394-4f41-8e45-421e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:54.000Z",
|
|
"modified": "2017-05-29T15:13:54.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'b8bc53bb70dac351890c5834a6a498213c4a8d3aab4720f9189f5fec5983106e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ab3-c960-4324-b5e6-4705950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:55.000Z",
|
|
"modified": "2017-05-29T15:13:55.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '0c4eaf72092beeb8769bc6286aeae24256df3c2f0fe58bf4c4d11d3db3fae59b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ab4-0a54-497d-8ee5-4696950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:56.000Z",
|
|
"modified": "2017-05-29T15:13:56.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '3465e0045f3b462b02d0f9426e0f10c68b4a1cb3c411dd35b92c3c95681701c6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ab5-7ca0-4f1e-9c02-4c86950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:57.000Z",
|
|
"modified": "2017-05-29T15:13:57.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '6ed2f72357e696a4572fc8b91b5f1e8dc5581dd6faa9ae93af06cd2b24e4bc65']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ab5-3b58-4f98-8d3d-4b1b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:57.000Z",
|
|
"modified": "2017-05-29T15:13:57.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '8f2479bbcb7077d2dddcb9509ffeff7cc4f8d29fcb67d4c3c64526aa2bb4cb56']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ab6-04bc-44f5-a4d1-4cde950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:58.000Z",
|
|
"modified": "2017-05-29T15:13:58.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '9eea1612d080a8146ef1bd84cf4dce73a22fe71999667b710c163f0a73da274c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ab7-de74-42db-a5d3-4eee950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:59.000Z",
|
|
"modified": "2017-05-29T15:13:59.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'a1c84ae023c742be66419e5aaa1a4571aa4d81d74bca58cbcbe1bdc1ad157cb5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ab7-aae4-44ae-b2fd-4e71950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:13:59.000Z",
|
|
"modified": "2017-05-29T15:13:59.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'dcd8a4670e969ec04b67d130c08d42a8c1cbfcfcc02c42a94ae9045d92ee2034']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:13:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ab8-2678-4d2c-8283-41d9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:00.000Z",
|
|
"modified": "2017-05-29T15:14:00.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '375f17ccb9eeb41828b75ede1080e2f8922bf87212c04d021da3db9400cddbc8']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ab9-850c-4714-b082-4a08950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:01.000Z",
|
|
"modified": "2017-05-29T15:14:01.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '12298a5550bfae845aa2ec091c287a4becd7b9a013f3cdfc514261cd91f99734']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ab9-dc48-4836-b187-46d1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:01.000Z",
|
|
"modified": "2017-05-29T15:14:01.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'f0dd1cba6d5fa4378fbfe72a3a340a953badecec9f73650774677bf14c5d7643']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3aba-0a3c-40dc-becd-4885950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:02.000Z",
|
|
"modified": "2017-05-29T15:14:02.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'e28a8dc9ce4bcf6d436e771284c30175a3fabb0beca94e00af05ba5a4a19c7a6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3abc-9c68-49eb-a2db-44f9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:04.000Z",
|
|
"modified": "2017-05-29T15:14:04.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'fdd30ff646b855d814b04fb04cf9e6c9dbd950bcd141ea29a102cc0f58c17af2']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3abc-39a4-403d-9dfb-4ee7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:04.000Z",
|
|
"modified": "2017-05-29T15:14:04.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'bc3b3ed17a244cc835dbf99f9872f8c778c10a74ff09c359f93857b3ac899a18']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3abd-224c-4f8f-99f2-4030950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:05.000Z",
|
|
"modified": "2017-05-29T15:14:05.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'dc755293c8f0a55369dcb89869adf95ea9f0353009ff098051d34a129ccc5f71']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3abe-9420-40d4-9dd4-4f69950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:06.000Z",
|
|
"modified": "2017-05-29T15:14:06.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '4dcad7d9ce8d5868281c4fc497a928ac8ffd16e895ada7389be9e17449b25652']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3abe-0a64-45ab-a252-4777950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:06.000Z",
|
|
"modified": "2017-05-29T15:14:06.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '77a8805d5fb12d6a4b575be1feb4a9c45688973651eea239907c53afd8d845d4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:06Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3abf-6df8-400b-be2c-4bb5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:07.000Z",
|
|
"modified": "2017-05-29T15:14:07.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '149dbf6ff2141167312fa7eabbcf48066db072bb9f23deeb12d3723246f4d26d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ac0-f1d8-4912-8dbb-487f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:08.000Z",
|
|
"modified": "2017-05-29T15:14:08.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '52f25c4e08a80b740806322d52ed5b120b2c0eae094946d452bd45a494b09fd6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ac0-090c-485a-8aa7-49ad950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:08.000Z",
|
|
"modified": "2017-05-29T15:14:08.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '06c235413370e243051ac0104c28bd90fd18d896c783e98283fb64977887f411']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ac1-f4bc-4a86-8abb-4288950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:09.000Z",
|
|
"modified": "2017-05-29T15:14:09.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '922d7fc086f037d90d0266526a4f1d95c281dc278553a0f3a4a36aae29f3354e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ac2-6244-409d-9b9e-4d72950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:10.000Z",
|
|
"modified": "2017-05-29T15:14:10.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '991fe0a490cf85a83a93a744838edf9da53fa474efe6314b50336eb589f07c48']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ac2-89e8-4629-8d90-c158950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:10.000Z",
|
|
"modified": "2017-05-29T15:14:10.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'c1034cd0c8d0c3d43c508f06c4d98c3be174581a4b6fe3f06bc523f588e08a4b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ac3-fb68-452c-8432-42c8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:11.000Z",
|
|
"modified": "2017-05-29T15:14:11.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'f684470dafcf21154905d656e0adc274d5b30705c6b85f619f9855284e9bf14a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ac4-6e88-4247-aa22-4af9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:12.000Z",
|
|
"modified": "2017-05-29T15:14:12.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'eaed577de21d37e92ce798689d14cef31f839a63ec40eada92e4fde7c76e027c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ac5-8978-4cba-8aa0-4a0d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:13.000Z",
|
|
"modified": "2017-05-29T15:14:13.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '442b3a646f7500f31efdd129da2997705f6836251a81f76721df009f3304db06']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:13Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ac6-480c-4d2d-a85d-43f7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:14.000Z",
|
|
"modified": "2017-05-29T15:14:14.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '8ba2246e89c1c9dda1c9231025cd009ba7d196fb1f42fc6be0f675b90a38cd8d']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ac6-4bb4-421c-813d-4ff2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:14.000Z",
|
|
"modified": "2017-05-29T15:14:14.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'bc4b72de900b982efee2396b7d81d856f0db1b4888a11ac718f59c0c3f5ec799']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ac7-670c-41c8-92ab-c158950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:15.000Z",
|
|
"modified": "2017-05-29T15:14:15.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '64319a798950c0637b9e879374602707a1ecd12dec32bd76309d05bf78a86f26']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ac8-8284-4309-9fc1-4265950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:16.000Z",
|
|
"modified": "2017-05-29T15:14:16.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '9edcd1b56a396e740019991b064143a8a7de7fd01b15452e199345d6924ec611']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ac8-68a0-4222-898e-4743950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:16.000Z",
|
|
"modified": "2017-05-29T15:14:16.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'dd696a7732e11bb67e8f32670cdf4cb88f8ac06dbc0ca306d933ca3599a1e042']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ac9-e690-4dbf-b015-4504950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:17.000Z",
|
|
"modified": "2017-05-29T15:14:17.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '6013371bb343ac664d10d69eb4eef9a7e66d769daa1b05a72090752bde0f9144']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3aca-fa60-4565-bfce-491a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:18.000Z",
|
|
"modified": "2017-05-29T15:14:18.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'a759e4d8362d7423e63388b234e60076f506768dad41ab00789b8c0610f100f9']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3aca-1114-4cc8-9605-4043950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:18.000Z",
|
|
"modified": "2017-05-29T15:14:18.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '9e22f98227292851e35550cefa612724c2cc96b61d0b5cd2d4f49bd46255449a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3acb-c98c-4ed0-87eb-4a4f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:19.000Z",
|
|
"modified": "2017-05-29T15:14:19.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'cfc929cd49e24589a6425d4ed95e7ffefc527f59570216e6739cfd0d90200cdc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3acc-d300-458d-9516-4d12950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:20.000Z",
|
|
"modified": "2017-05-29T15:14:20.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '5e68e363783f3b573a7a6b74bf781e08fc11a22349cf905981ead7378d7fa9df']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3acd-137c-4357-811b-4b85950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:21.000Z",
|
|
"modified": "2017-05-29T15:14:21.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '592b8e2597e20db8898a6180de4193180c6db54d6ea03ae8d12228b31548b805']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3acd-cefc-4072-804f-41a6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:21.000Z",
|
|
"modified": "2017-05-29T15:14:21.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '6cc61fdd6a01090effd25772658a69e864a56c1c1422832a3cbce95a2a048f07']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:21Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ace-67f0-4ad4-97e2-43e9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:22.000Z",
|
|
"modified": "2017-05-29T15:14:22.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'f7b1b8376556adc1852f99534d481d490c387cffabbd605bddb2ab129edf7fc7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3acf-7e70-4554-93c8-40ce950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:23.000Z",
|
|
"modified": "2017-05-29T15:14:23.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '697e4a24ab48f845bc02f517917bfe7680c9aa5de225eb6ef13087a80865abbe']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:23Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ad0-3578-4577-8aa2-c158950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:24.000Z",
|
|
"modified": "2017-05-29T15:14:24.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'dc62eadc50a98b1dcec1254b9151e9fdd36152d954f0780bbe5cd8d3090759fa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ad1-a408-4cd3-84c2-4f82950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:25.000Z",
|
|
"modified": "2017-05-29T15:14:25.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '6e91568979df730e37dbe545d96e51947769a568d7a911b2d7e2bc0f7efbbdf0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ad1-8efc-48ee-8ef2-428a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:25.000Z",
|
|
"modified": "2017-05-29T15:14:25.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '78c40399cce98a79090c0ea7d505f84369be0e481b70ac46ec4d6bf2127f9842']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ad2-d8f0-4ec0-93be-4ca7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:26.000Z",
|
|
"modified": "2017-05-29T15:14:26.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '1b714a7fd925931386095d492ac75406240a99473fa7ee9359caab4650f5dcac']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ad4-19e0-44db-bcd5-4ec2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:28.000Z",
|
|
"modified": "2017-05-29T15:14:28.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '3f189df29ce11435208efc124bc77902aa67c12c525cab5a32dc5b64d9f86e9a']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ad5-31a8-4ac1-9abc-45fa950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:29.000Z",
|
|
"modified": "2017-05-29T15:14:29.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '99502a4127e9851b4a4f620fd2fc751d864f969dedb62791d483feaa2a6ae093']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ad6-e668-4895-811c-4be6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:30.000Z",
|
|
"modified": "2017-05-29T15:14:30.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '7beeb8e1432d1bb7bd9694f65239d4af9bc8cb716ba7cab1343c2660ee5e75db']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ad6-b5a8-40cd-a9da-41e7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:30.000Z",
|
|
"modified": "2017-05-29T15:14:30.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '56a4cb6edd8d32a2c8c68c2cde365899429b0e18ff332856c2db9b340f98be98']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ad7-d7b0-452e-99f9-4684950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:31.000Z",
|
|
"modified": "2017-05-29T15:14:31.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '7edec914ebce9f32b6d985acc048219de9fda39ed8bc9295fdea29dbb9bf60f7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ad8-9fac-4bac-a4d6-41a7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:32.000Z",
|
|
"modified": "2017-05-29T15:14:32.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'e01d880bb6864936ad8a2a130e31627fbcc0858bd12f6bd28a01ec4b3f2f29e4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ad8-5858-408b-ab26-4a34950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:32.000Z",
|
|
"modified": "2017-05-29T15:14:32.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '2dc5f5011305ac75d382c53ada77e58af017000e15aea30bc9aeb287c1937a33']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ada-9354-4d98-8d74-4e0c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:34.000Z",
|
|
"modified": "2017-05-29T15:14:34.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '0e211065edc39ac5ab9e7526bf05971980552b346b4ccd9a83331ad5e0b3ea76']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ada-5000-40d8-9d4a-42a5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:34.000Z",
|
|
"modified": "2017-05-29T15:14:34.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '22c4c9f7bca16b80050c3bd0774ccbad26a71f5f4ffcc51b82eadd5d323387bd']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3adb-ead4-410f-b65e-417b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:35.000Z",
|
|
"modified": "2017-05-29T15:14:35.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '8b1e95fe531ed4d451e22fccd7e8cbfa249f542db37ea621c054d759cb657055']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3adc-b424-4fa7-8d05-40c1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:36.000Z",
|
|
"modified": "2017-05-29T15:14:36.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'fc274c440954257e4f75ee7e5883740a38b5acf927b37c0cb30feec4f1838a70']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3adc-3858-483c-8597-4c1c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:36.000Z",
|
|
"modified": "2017-05-29T15:14:36.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '7398b09bd137f5b4c21bc8c9ac160c73a1b2694b5b21d8d1eacc2138af4002dc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3add-f57c-4b7c-8022-4906950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:37.000Z",
|
|
"modified": "2017-05-29T15:14:37.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'ca5dc8e2ab2a6017584cd71091961dbd31a7788c862ff82d6b2ae47038925f08']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ade-0900-434f-a2f2-4de3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:38.000Z",
|
|
"modified": "2017-05-29T15:14:38.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '1c9a38565b40017051269a7cc37696127622de66f45961042a3f7e53596fed10']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ade-01c8-44e6-8e99-499a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:38.000Z",
|
|
"modified": "2017-05-29T15:14:38.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '6d9bcc55e8c8d7fccb6c9c691c293f00546846e9afcbf9b85fcefc1d7878cc1e']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3adf-f918-4f0a-bc0a-41f0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:39.000Z",
|
|
"modified": "2017-05-29T15:14:39.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '4f9c459429176708614721d79b0257db27bdc20a9eb7fb5327f89286614f7140']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ae0-8498-4356-9fbf-424c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:40.000Z",
|
|
"modified": "2017-05-29T15:14:40.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '3637cde0a8edcf49a018069e7c71efbdaeac6b0a48939c9c62d888641c4fa345']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ae0-160c-47e2-8780-4f8d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:40.000Z",
|
|
"modified": "2017-05-29T15:14:40.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '77d4bc7f3520dd8dad35f0ec598e9134648b5ac8b8307978286905804d029f49']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ae1-61c0-4b5b-995f-4011950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:41.000Z",
|
|
"modified": "2017-05-29T15:14:41.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '15d4114de49f969fd58808c29db6de382b75808d36abfaff0330e6bfe3cb406f']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ae2-abcc-4065-aabf-485a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:42.000Z",
|
|
"modified": "2017-05-29T15:14:42.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '99475689686377bb5a5849c307cbde1a4a0f84f108bfd97180e9eab0f800cee0']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ae2-beec-4f1e-86ce-4381950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:42.000Z",
|
|
"modified": "2017-05-29T15:14:42.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'ba1c0cb0526b21fd33ddaf6676568f35506145ea06c501da1be0ab0bab918602']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ae4-0f44-4fbd-bb2a-43a5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:44.000Z",
|
|
"modified": "2017-05-29T15:14:44.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '2caf644be3de7c8f76117766035614eb17cd9f3ced10f20c0d7f2ed8dab5bc70']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ae4-69a0-42a7-af85-4de6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:44.000Z",
|
|
"modified": "2017-05-29T15:14:44.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '3eae38086ac42ceb673ea740f2f645f2e8bd2823c031dbf7e2e4c6f8714ce4e6']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:44Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ae5-f280-4add-94a8-43a9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:45.000Z",
|
|
"modified": "2017-05-29T15:14:45.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '35930482449accdeb386b19cc6be09c425dac3006df8e701d0a08c8ad3065806']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ae6-4238-4129-8fe2-443b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:46.000Z",
|
|
"modified": "2017-05-29T15:14:46.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'd9593c963cf346ec1b7fe6a3f676814b0c550cdcfd663a27805c167b4cc22a51']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ae6-fa08-42ed-b706-40df950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:46.000Z",
|
|
"modified": "2017-05-29T15:14:46.000Z",
|
|
"pattern": "[file:hashes.SHA256 = '3c788723e15668e871de966fe10e2665c65cd338d04b0201cc8f610c464fa3b5']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ae7-2728-4d71-a44d-4e6e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:47.000Z",
|
|
"modified": "2017-05-29T15:14:47.000Z",
|
|
"pattern": "[file:hashes.SHA256 = 'b1eef0129c247c422d05176f27d10e25785d91e3c73aa72a76edc1c178813101']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:47Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"sha256\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ae8-cda8-4c90-8718-4787950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:48.000Z",
|
|
"modified": "2017-05-29T15:14:48.000Z",
|
|
"pattern": "[url:value = 'http://online.upmirai.club/bady/miraint']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3ae9-42d0-4708-b661-4950950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:49.000Z",
|
|
"modified": "2017-05-29T15:14:49.000Z",
|
|
"pattern": "[domain-name:value = 'online.upmirai.club']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--592c3ae9-90e8-4178-b7cf-4112950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:49.000Z",
|
|
"modified": "2017-05-29T15:14:49.000Z",
|
|
"first_observed": "2017-05-29T15:14:49Z",
|
|
"last_observed": "2017-05-29T15:14:49Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--592c3ae9-90e8-4178-b7cf-4112950d210f",
|
|
"ipv4-addr--592c3ae9-90e8-4178-b7cf-4112950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--592c3ae9-90e8-4178-b7cf-4112950d210f",
|
|
"dst_ref": "ipv4-addr--592c3ae9-90e8-4178-b7cf-4112950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--592c3ae9-90e8-4178-b7cf-4112950d210f",
|
|
"value": "45.76.161.196"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3aea-a134-4934-a003-4747950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:50.000Z",
|
|
"modified": "2017-05-29T15:14:50.000Z",
|
|
"pattern": "[url:value = 'http://45.76.161.196/bady/mirai']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3aeb-36c0-415b-9258-4b77950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:51.000Z",
|
|
"modified": "2017-05-29T15:14:51.000Z",
|
|
"pattern": "[url:value = 'http://43.249.206.211/bins/5.jpg']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--592c3aec-f174-415c-bb9b-4c72950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:52.000Z",
|
|
"modified": "2017-05-29T15:14:52.000Z",
|
|
"first_observed": "2017-05-29T15:14:52Z",
|
|
"last_observed": "2017-05-29T15:14:52Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--592c3aec-f174-415c-bb9b-4c72950d210f",
|
|
"ipv4-addr--592c3aec-f174-415c-bb9b-4c72950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--592c3aec-f174-415c-bb9b-4c72950d210f",
|
|
"dst_ref": "ipv4-addr--592c3aec-f174-415c-bb9b-4c72950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--592c3aec-f174-415c-bb9b-4c72950d210f",
|
|
"value": "43.249.206.211"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3aec-dfec-47a3-972d-4763950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:52.000Z",
|
|
"modified": "2017-05-29T15:14:52.000Z",
|
|
"pattern": "[url:value = 'http://43.249.206.170/bins/mirai']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--592c3aee-e358-4b68-bd36-48ac950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:54.000Z",
|
|
"modified": "2017-05-29T15:14:54.000Z",
|
|
"first_observed": "2017-05-29T15:14:54Z",
|
|
"last_observed": "2017-05-29T15:14:54Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--592c3aee-e358-4b68-bd36-48ac950d210f",
|
|
"ipv4-addr--592c3aee-e358-4b68-bd36-48ac950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--592c3aee-e358-4b68-bd36-48ac950d210f",
|
|
"dst_ref": "ipv4-addr--592c3aee-e358-4b68-bd36-48ac950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--592c3aee-e358-4b68-bd36-48ac950d210f",
|
|
"value": "43.249.206.170"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3aef-c4bc-487c-acdc-4baf950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:55.000Z",
|
|
"modified": "2017-05-29T15:14:55.000Z",
|
|
"pattern": "[url:value = 'http://linuxmessage.com/bins/mirai']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3aef-1bc4-45f1-939a-4e21950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:55.000Z",
|
|
"modified": "2017-05-29T15:14:55.000Z",
|
|
"pattern": "[domain-name:value = 'linuxmessage.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--592c3af0-1060-4a1f-9312-4d25950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:56.000Z",
|
|
"modified": "2017-05-29T15:14:56.000Z",
|
|
"first_observed": "2017-05-29T15:14:56Z",
|
|
"last_observed": "2017-05-29T15:14:56Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--592c3af0-1060-4a1f-9312-4d25950d210f",
|
|
"ipv4-addr--592c3af0-1060-4a1f-9312-4d25950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--592c3af0-1060-4a1f-9312-4d25950d210f",
|
|
"dst_ref": "ipv4-addr--592c3af0-1060-4a1f-9312-4d25950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--592c3af0-1060-4a1f-9312-4d25950d210f",
|
|
"value": "160.202.163.234"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3af1-4924-447f-a1ea-44ad950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:57.000Z",
|
|
"modified": "2017-05-29T15:14:57.000Z",
|
|
"pattern": "[url:value = 'tfyfa.sh']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3af1-aa70-44c2-a4d3-46a6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:57.000Z",
|
|
"modified": "2017-05-29T15:14:57.000Z",
|
|
"pattern": "[domain-name:value = 'tfyfa.sh']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3af2-2e48-4363-90d5-470f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:58.000Z",
|
|
"modified": "2017-05-29T15:14:58.000Z",
|
|
"pattern": "[url:value = 'tfyfa2.sh']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3af3-85e8-451b-bd41-4b22950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:59.000Z",
|
|
"modified": "2017-05-29T15:14:59.000Z",
|
|
"pattern": "[domain-name:value = 'tfyfa2.sh']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3af3-8f98-4260-a3da-4ebe950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:14:59.000Z",
|
|
"modified": "2017-05-29T15:14:59.000Z",
|
|
"pattern": "[url:value = 'http://107.173.209.45/fyfa.sh']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:14:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--592c3af4-9e5c-4d10-9597-45a0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:00.000Z",
|
|
"modified": "2017-05-29T15:15:00.000Z",
|
|
"first_observed": "2017-05-29T15:15:00Z",
|
|
"last_observed": "2017-05-29T15:15:00Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--592c3af4-9e5c-4d10-9597-45a0950d210f",
|
|
"ipv4-addr--592c3af4-9e5c-4d10-9597-45a0950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--592c3af4-9e5c-4d10-9597-45a0950d210f",
|
|
"dst_ref": "ipv4-addr--592c3af4-9e5c-4d10-9597-45a0950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--592c3af4-9e5c-4d10-9597-45a0950d210f",
|
|
"value": "107.173.209.45"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3af5-5168-4c09-a197-44a1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:01.000Z",
|
|
"modified": "2017-05-29T15:15:01.000Z",
|
|
"pattern": "[url:value = 'http://dns-services.gq/bins/mirai']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3af6-149c-41e9-ace4-4069950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:02.000Z",
|
|
"modified": "2017-05-29T15:15:02.000Z",
|
|
"pattern": "[domain-name:value = 'dns-services.gq']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--592c3af7-1a84-4ba8-909b-44b0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:03.000Z",
|
|
"modified": "2017-05-29T15:15:03.000Z",
|
|
"first_observed": "2017-05-29T15:15:03Z",
|
|
"last_observed": "2017-05-29T15:15:03Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--592c3af7-1a84-4ba8-909b-44b0950d210f",
|
|
"ipv4-addr--592c3af7-1a84-4ba8-909b-44b0950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--592c3af7-1a84-4ba8-909b-44b0950d210f",
|
|
"dst_ref": "ipv4-addr--592c3af7-1a84-4ba8-909b-44b0950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--592c3af7-1a84-4ba8-909b-44b0950d210f",
|
|
"value": "45.76.13.46"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3af7-cccc-41a5-b4d5-4e83950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:03.000Z",
|
|
"modified": "2017-05-29T15:15:03.000Z",
|
|
"pattern": "[url:value = 'http://188.25.157.171/bins/mirai']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--592c3af8-2648-49f9-9afd-4c22950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:04.000Z",
|
|
"modified": "2017-05-29T15:15:04.000Z",
|
|
"first_observed": "2017-05-29T15:15:04Z",
|
|
"last_observed": "2017-05-29T15:15:04Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--592c3af8-2648-49f9-9afd-4c22950d210f",
|
|
"ipv4-addr--592c3af8-2648-49f9-9afd-4c22950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--592c3af8-2648-49f9-9afd-4c22950d210f",
|
|
"dst_ref": "ipv4-addr--592c3af8-2648-49f9-9afd-4c22950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--592c3af8-2648-49f9-9afd-4c22950d210f",
|
|
"value": "188.25.157.171"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3af9-9250-4f37-835d-4019950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:05.000Z",
|
|
"modified": "2017-05-29T15:15:05.000Z",
|
|
"pattern": "[url:value = 'http://122.10.81.81:1436/bins/mirai']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--592c3afa-c9ac-4d8f-846b-4229950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:06.000Z",
|
|
"modified": "2017-05-29T15:15:06.000Z",
|
|
"first_observed": "2017-05-29T15:15:06Z",
|
|
"last_observed": "2017-05-29T15:15:06Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--592c3afa-c9ac-4d8f-846b-4229950d210f",
|
|
"ipv4-addr--592c3afa-c9ac-4d8f-846b-4229950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--592c3afa-c9ac-4d8f-846b-4229950d210f",
|
|
"dst_ref": "ipv4-addr--592c3afa-c9ac-4d8f-846b-4229950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--592c3afa-c9ac-4d8f-846b-4229950d210f",
|
|
"value": "122.10.81.81"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3afb-0320-4cce-982f-c158950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:07.000Z",
|
|
"modified": "2017-05-29T15:15:07.000Z",
|
|
"pattern": "[url:value = 'http://45.76.161.196/bady/miraint']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3afc-069c-4d71-ad0f-4ab3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:08.000Z",
|
|
"modified": "2017-05-29T15:15:08.000Z",
|
|
"pattern": "[url:value = 'http://185.92.220.143/bins/mirai']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--592c3afd-fc10-4240-9cf9-4267950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:09.000Z",
|
|
"modified": "2017-05-29T15:15:09.000Z",
|
|
"first_observed": "2017-05-29T15:15:09Z",
|
|
"last_observed": "2017-05-29T15:15:09Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--592c3afd-fc10-4240-9cf9-4267950d210f",
|
|
"ipv4-addr--592c3afd-fc10-4240-9cf9-4267950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--592c3afd-fc10-4240-9cf9-4267950d210f",
|
|
"dst_ref": "ipv4-addr--592c3afd-fc10-4240-9cf9-4267950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--592c3afd-fc10-4240-9cf9-4267950d210f",
|
|
"value": "185.92.220.143"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3afe-df50-4fd0-8473-4a4a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:10.000Z",
|
|
"modified": "2017-05-29T15:15:10.000Z",
|
|
"pattern": "[url:value = 'http://185.141.24.24/bins/mirai']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--592c3afe-6990-4102-92f9-4cf6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:10.000Z",
|
|
"modified": "2017-05-29T15:15:10.000Z",
|
|
"first_observed": "2017-05-29T15:15:10Z",
|
|
"last_observed": "2017-05-29T15:15:10Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--592c3afe-6990-4102-92f9-4cf6950d210f",
|
|
"ipv4-addr--592c3afe-6990-4102-92f9-4cf6950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--592c3afe-6990-4102-92f9-4cf6950d210f",
|
|
"dst_ref": "ipv4-addr--592c3afe-6990-4102-92f9-4cf6950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--592c3afe-6990-4102-92f9-4cf6950d210f",
|
|
"value": "185.141.24.24"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3aff-44b4-4c69-b162-c158950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:11.000Z",
|
|
"modified": "2017-05-29T15:15:11.000Z",
|
|
"pattern": "[url:value = 'http://cnc.urgay.cf/bins/miraint']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b00-5d7c-43ae-9aee-4169950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:12.000Z",
|
|
"modified": "2017-05-29T15:15:12.000Z",
|
|
"pattern": "[domain-name:value = 'cnc.urgay.cf']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--592c3b00-54b0-4c02-bc81-4096950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:12.000Z",
|
|
"modified": "2017-05-29T15:15:12.000Z",
|
|
"first_observed": "2017-05-29T15:15:12Z",
|
|
"last_observed": "2017-05-29T15:15:12Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--592c3b00-54b0-4c02-bc81-4096950d210f",
|
|
"ipv4-addr--592c3b00-54b0-4c02-bc81-4096950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--592c3b00-54b0-4c02-bc81-4096950d210f",
|
|
"dst_ref": "ipv4-addr--592c3b00-54b0-4c02-bc81-4096950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--592c3b00-54b0-4c02-bc81-4096950d210f",
|
|
"value": "82.118.242.174"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b02-86a0-498a-9a1e-482b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:14.000Z",
|
|
"modified": "2017-05-29T15:15:14.000Z",
|
|
"pattern": "[url:value = 'http://vap3.ddns.net/bins/mirai']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b02-cc88-4605-b5a8-4688950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:14.000Z",
|
|
"modified": "2017-05-29T15:15:14.000Z",
|
|
"pattern": "[domain-name:value = 'vap3.ddns.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--592c3b03-03c4-4316-be41-421d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:15.000Z",
|
|
"modified": "2017-05-29T15:15:15.000Z",
|
|
"first_observed": "2017-05-29T15:15:15Z",
|
|
"last_observed": "2017-05-29T15:15:15Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--592c3b03-03c4-4316-be41-421d950d210f",
|
|
"ipv4-addr--592c3b03-03c4-4316-be41-421d950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--592c3b03-03c4-4316-be41-421d950d210f",
|
|
"dst_ref": "ipv4-addr--592c3b03-03c4-4316-be41-421d950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--592c3b03-03c4-4316-be41-421d950d210f",
|
|
"value": "185.165.29.31"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b04-a7e4-4bd9-834d-426f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:16.000Z",
|
|
"modified": "2017-05-29T15:15:16.000Z",
|
|
"pattern": "[url:value = 'http://185.188.206.3/bins/mirai']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--592c3b04-24f4-4ad2-88cc-c158950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:16.000Z",
|
|
"modified": "2017-05-29T15:15:16.000Z",
|
|
"first_observed": "2017-05-29T15:15:16Z",
|
|
"last_observed": "2017-05-29T15:15:16Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--592c3b04-24f4-4ad2-88cc-c158950d210f",
|
|
"ipv4-addr--592c3b04-24f4-4ad2-88cc-c158950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--592c3b04-24f4-4ad2-88cc-c158950d210f",
|
|
"dst_ref": "ipv4-addr--592c3b04-24f4-4ad2-88cc-c158950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--592c3b04-24f4-4ad2-88cc-c158950d210f",
|
|
"value": "185.188.206.3"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b05-1c58-482b-90aa-4478950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:17.000Z",
|
|
"modified": "2017-05-29T15:15:17.000Z",
|
|
"pattern": "[url:value = 'http://185.188.206.99/bins/mirai']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--592c3b06-056c-4ede-8ce0-4609950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:18.000Z",
|
|
"modified": "2017-05-29T15:15:18.000Z",
|
|
"first_observed": "2017-05-29T15:15:18Z",
|
|
"last_observed": "2017-05-29T15:15:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--592c3b06-056c-4ede-8ce0-4609950d210f",
|
|
"ipv4-addr--592c3b06-056c-4ede-8ce0-4609950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--592c3b06-056c-4ede-8ce0-4609950d210f",
|
|
"dst_ref": "ipv4-addr--592c3b06-056c-4ede-8ce0-4609950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--592c3b06-056c-4ede-8ce0-4609950d210f",
|
|
"value": "185.188.206.99"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b06-ecb0-4621-804b-4e41950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:18.000Z",
|
|
"modified": "2017-05-29T15:15:18.000Z",
|
|
"pattern": "[url:value = 'http://192.227.180.173/bins/mirai']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--592c3b07-bda8-4b20-91c1-440e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:19.000Z",
|
|
"modified": "2017-05-29T15:15:19.000Z",
|
|
"first_observed": "2017-05-29T15:15:19Z",
|
|
"last_observed": "2017-05-29T15:15:19Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--592c3b07-bda8-4b20-91c1-440e950d210f",
|
|
"ipv4-addr--592c3b07-bda8-4b20-91c1-440e950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--592c3b07-bda8-4b20-91c1-440e950d210f",
|
|
"dst_ref": "ipv4-addr--592c3b07-bda8-4b20-91c1-440e950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--592c3b07-bda8-4b20-91c1-440e950d210f",
|
|
"value": "192.227.180.173"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b08-fb18-48e9-ba48-4606950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:20.000Z",
|
|
"modified": "2017-05-29T15:15:20.000Z",
|
|
"pattern": "[url:value = 'http://198.46.130.87/bins/mirai']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--592c3b09-97f8-4c2c-aa38-435b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:21.000Z",
|
|
"modified": "2017-05-29T15:15:21.000Z",
|
|
"first_observed": "2017-05-29T15:15:21Z",
|
|
"last_observed": "2017-05-29T15:15:21Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--592c3b09-97f8-4c2c-aa38-435b950d210f",
|
|
"ipv4-addr--592c3b09-97f8-4c2c-aa38-435b950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--592c3b09-97f8-4c2c-aa38-435b950d210f",
|
|
"dst_ref": "ipv4-addr--592c3b09-97f8-4c2c-aa38-435b950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--592c3b09-97f8-4c2c-aa38-435b950d210f",
|
|
"value": "198.46.130.87"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b0a-60d4-48e6-aaea-476d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:22.000Z",
|
|
"modified": "2017-05-29T15:15:22.000Z",
|
|
"pattern": "[url:value = 'http://yzykar2.hopto.org/bins/mirai']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b0c-ab70-4061-b429-4b00950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:24.000Z",
|
|
"modified": "2017-05-29T15:15:24.000Z",
|
|
"pattern": "[domain-name:value = 'yzykar2.hopto.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--592c3b0c-4164-4379-96ea-4708950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:24.000Z",
|
|
"modified": "2017-05-29T15:15:24.000Z",
|
|
"first_observed": "2017-05-29T15:15:24Z",
|
|
"last_observed": "2017-05-29T15:15:24Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--592c3b0c-4164-4379-96ea-4708950d210f",
|
|
"ipv4-addr--592c3b0c-4164-4379-96ea-4708950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--592c3b0c-4164-4379-96ea-4708950d210f",
|
|
"dst_ref": "ipv4-addr--592c3b0c-4164-4379-96ea-4708950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--592c3b0c-4164-4379-96ea-4708950d210f",
|
|
"value": "213.136.75.147"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b0d-840c-44b7-b55e-4a0e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:25.000Z",
|
|
"modified": "2017-05-29T15:15:25.000Z",
|
|
"pattern": "[url:value = 'securityupdates.us/']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b0e-2d80-467d-ab0c-4fd3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:26.000Z",
|
|
"modified": "2017-05-29T15:15:26.000Z",
|
|
"pattern": "[domain-name:value = 'securityupdates.us']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--592c3b0e-0810-46bc-9294-40f1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:26.000Z",
|
|
"modified": "2017-05-29T15:15:26.000Z",
|
|
"first_observed": "2017-05-29T15:15:26Z",
|
|
"last_observed": "2017-05-29T15:15:26Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--592c3b0e-0810-46bc-9294-40f1950d210f",
|
|
"ipv4-addr--592c3b0e-0810-46bc-9294-40f1950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--592c3b0e-0810-46bc-9294-40f1950d210f",
|
|
"dst_ref": "ipv4-addr--592c3b0e-0810-46bc-9294-40f1950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--592c3b0e-0810-46bc-9294-40f1950d210f",
|
|
"value": "84.16.241.195"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b0f-6808-429d-845b-422e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:27.000Z",
|
|
"modified": "2017-05-29T15:15:27.000Z",
|
|
"pattern": "[url:value = 'http://l.ocalhost.host/1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b10-1fa0-41e2-a7d8-482d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:28.000Z",
|
|
"modified": "2017-05-29T15:15:28.000Z",
|
|
"pattern": "[domain-name:value = 'l.ocalhost.host']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b10-40f4-469b-9e5e-4412950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:28.000Z",
|
|
"modified": "2017-05-29T15:15:28.000Z",
|
|
"pattern": "[url:value = 'http://srrys.pw/1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b11-b494-4011-a239-4411950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:29.000Z",
|
|
"modified": "2017-05-29T15:15:29.000Z",
|
|
"pattern": "[domain-name:value = 'srrys.pw']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--592c3b12-a7c0-4118-bf7c-4c74950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:30.000Z",
|
|
"modified": "2017-05-29T15:15:30.000Z",
|
|
"first_observed": "2017-05-29T15:15:30Z",
|
|
"last_observed": "2017-05-29T15:15:30Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--592c3b12-a7c0-4118-bf7c-4c74950d210f",
|
|
"ipv4-addr--592c3b12-a7c0-4118-bf7c-4c74950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--592c3b12-a7c0-4118-bf7c-4c74950d210f",
|
|
"dst_ref": "ipv4-addr--592c3b12-a7c0-4118-bf7c-4c74950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--592c3b12-a7c0-4118-bf7c-4c74950d210f",
|
|
"value": "84.16.241.214"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b12-7e94-431d-ac74-4515950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:30.000Z",
|
|
"modified": "2017-05-29T15:15:30.000Z",
|
|
"pattern": "[url:value = 'http://tr069.pw/1']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:30Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b13-6b00-4bc2-9969-4d1a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:31.000Z",
|
|
"modified": "2017-05-29T15:15:31.000Z",
|
|
"pattern": "[domain-name:value = 'tr069.pw']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:31Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b14-8a70-4648-9be2-4bd8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:32.000Z",
|
|
"modified": "2017-05-29T15:15:32.000Z",
|
|
"pattern": "[url:value = 'http://112.185.114.71:62824/.i']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:32Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--592c3b15-a94c-4569-acad-c158950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:33.000Z",
|
|
"modified": "2017-05-29T15:15:33.000Z",
|
|
"first_observed": "2017-05-29T15:15:33Z",
|
|
"last_observed": "2017-05-29T15:15:33Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--592c3b15-a94c-4569-acad-c158950d210f",
|
|
"ipv4-addr--592c3b15-a94c-4569-acad-c158950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--592c3b15-a94c-4569-acad-c158950d210f",
|
|
"dst_ref": "ipv4-addr--592c3b15-a94c-4569-acad-c158950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--592c3b15-a94c-4569-acad-c158950d210f",
|
|
"value": "112.185.114.71"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b16-aba4-48b4-9cc4-46f3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:34.000Z",
|
|
"modified": "2017-05-29T15:15:34.000Z",
|
|
"pattern": "[url:value = 'http://online.upmirai.club/bady/miraint.arm']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b17-8800-4416-a287-4467950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:35.000Z",
|
|
"modified": "2017-05-29T15:15:35.000Z",
|
|
"pattern": "[url:value = 'http://online.upmirai.club/bady/miraint.arm5n']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b18-c610-4f7c-9f63-4ddf950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:36.000Z",
|
|
"modified": "2017-05-29T15:15:36.000Z",
|
|
"pattern": "[url:value = 'http://online.upmirai.club/bady/miraint.arm7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b19-0708-4363-8905-4410950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:37.000Z",
|
|
"modified": "2017-05-29T15:15:37.000Z",
|
|
"pattern": "[url:value = 'http://online.upmirai.club/bady/miraint.m68k']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b1a-1b1c-49de-b546-48b4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:38.000Z",
|
|
"modified": "2017-05-29T15:15:38.000Z",
|
|
"pattern": "[url:value = 'http://online.upmirai.club/bady/miraint.mips']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:38Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b1b-bc4c-40e6-b9b0-c158950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:39.000Z",
|
|
"modified": "2017-05-29T15:15:39.000Z",
|
|
"pattern": "[url:value = 'http://online.upmirai.club/bady/miraint.mpsl']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:39Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b1c-3c74-415c-abde-4453950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:40.000Z",
|
|
"modified": "2017-05-29T15:15:40.000Z",
|
|
"pattern": "[url:value = 'http://online.upmirai.club/bady/miraint.ppc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:40Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b1d-f974-4316-810d-4d26950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:41.000Z",
|
|
"modified": "2017-05-29T15:15:41.000Z",
|
|
"pattern": "[url:value = 'http://online.upmirai.club/bady/miraint.sh4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:41Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b1e-4c44-4eca-8337-4462950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:42.000Z",
|
|
"modified": "2017-05-29T15:15:42.000Z",
|
|
"pattern": "[url:value = 'http://online.upmirai.club/bady/miraint.spc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:42Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b1f-c80c-4574-adb4-4aa0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:43.000Z",
|
|
"modified": "2017-05-29T15:15:43.000Z",
|
|
"pattern": "[url:value = 'http://online.upmirai.club/bady/miraint.x86']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:43Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b21-f840-4f3b-aaac-c158950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:45.000Z",
|
|
"modified": "2017-05-29T15:15:45.000Z",
|
|
"pattern": "[url:value = 'http://vap3.ddns.net/bins/mirai.x86']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:45Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b22-514c-4ac9-8d28-441e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:46.000Z",
|
|
"modified": "2017-05-29T15:15:46.000Z",
|
|
"pattern": "[url:value = 'vap3.ddns.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:46Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b24-53c4-4a79-ab18-4404950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:48.000Z",
|
|
"modified": "2017-05-29T15:15:48.000Z",
|
|
"pattern": "[url:value = 'http://45.76.161.196/bady/mirai.x86']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b24-66d8-4515-84c0-44f0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:48.000Z",
|
|
"modified": "2017-05-29T15:15:48.000Z",
|
|
"pattern": "[url:value = 'http://45.76.161.196/bady/mirai.ppc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:48Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b25-00c0-4370-9cf1-4dfe950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:49.000Z",
|
|
"modified": "2017-05-29T15:15:49.000Z",
|
|
"pattern": "[url:value = 'http://45.76.161.196/bady/mirai.mips']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:49Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b26-ec8c-44ff-bfa5-c158950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:50.000Z",
|
|
"modified": "2017-05-29T15:15:50.000Z",
|
|
"pattern": "[url:value = 'http://45.76.161.196/bady/mirai.arm']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:50Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b27-d4d4-4305-af0a-4fd5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:51.000Z",
|
|
"modified": "2017-05-29T15:15:51.000Z",
|
|
"pattern": "[url:value = 'http://45.76.161.196/bady/mirai.spc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b27-d89c-4356-bfe1-46a5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:51.000Z",
|
|
"modified": "2017-05-29T15:15:51.000Z",
|
|
"pattern": "[url:value = 'http://45.76.161.196/bady/mirai.mpsl']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:51Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b28-49c4-4632-8b9b-44c2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:52.000Z",
|
|
"modified": "2017-05-29T15:15:52.000Z",
|
|
"pattern": "[url:value = 'http://45.76.161.196/bady/mirai.arm7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:52Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b2a-8a28-49e4-9e36-42de950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:54.000Z",
|
|
"modified": "2017-05-29T15:15:54.000Z",
|
|
"pattern": "[url:value = 'http://45.76.161.196/bady/mirai.arm5n']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b2a-53e0-4c57-a808-4796950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:54.000Z",
|
|
"modified": "2017-05-29T15:15:54.000Z",
|
|
"pattern": "[url:value = 'http://45.76.161.196/bady/mirai.m68k']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:54Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b2b-1988-4839-bb64-4fc8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:55.000Z",
|
|
"modified": "2017-05-29T15:15:55.000Z",
|
|
"pattern": "[url:value = 'http://45.76.161.196/bady/mirai.sh4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:55Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b2c-c4a4-41ff-9d0e-434b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:56.000Z",
|
|
"modified": "2017-05-29T15:15:56.000Z",
|
|
"pattern": "[url:value = 'http://45.76.161.196/bady/miraint.ppc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:56Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b2d-c1d0-4575-8a58-c158950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:57.000Z",
|
|
"modified": "2017-05-29T15:15:57.000Z",
|
|
"pattern": "[url:value = 'http://45.76.161.196/bady/miraint.mpsl']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:57Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b2e-15c4-45ca-aa00-4606950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:58.000Z",
|
|
"modified": "2017-05-29T15:15:58.000Z",
|
|
"pattern": "[url:value = 'http://45.76.161.196/bady/miraint.mips']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:58Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b2f-2e94-41c0-b851-4be4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:15:59.000Z",
|
|
"modified": "2017-05-29T15:15:59.000Z",
|
|
"pattern": "[url:value = 'http://45.76.161.196/bady/miraint.spc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:15:59Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b30-4ad8-4584-a5ee-441c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:16:00.000Z",
|
|
"modified": "2017-05-29T15:16:00.000Z",
|
|
"pattern": "[url:value = 'http://45.76.161.196/bady/miraint.arm5n']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:16:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b30-76d4-43ff-8e5a-4251950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:16:00.000Z",
|
|
"modified": "2017-05-29T15:16:00.000Z",
|
|
"pattern": "[url:value = 'http://45.76.161.196/bady/miraint.arm']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:16:00Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b31-e914-4706-8350-4135950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:16:01.000Z",
|
|
"modified": "2017-05-29T15:16:01.000Z",
|
|
"pattern": "[url:value = 'http://45.76.161.196/bady/miraint.sh4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:16:01Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b32-59b0-4297-a708-4975950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:16:02.000Z",
|
|
"modified": "2017-05-29T15:16:02.000Z",
|
|
"pattern": "[url:value = 'http://45.76.161.196/bady/miraint.x86']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:16:02Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b33-c148-4353-8452-4ea6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:16:03.000Z",
|
|
"modified": "2017-05-29T15:16:03.000Z",
|
|
"pattern": "[url:value = 'http://45.76.161.196/bady/miraint.arm7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:16:03Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b34-e7f0-4711-ba61-4c8c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:16:04.000Z",
|
|
"modified": "2017-05-29T15:16:04.000Z",
|
|
"pattern": "[url:value = 'http://45.76.161.196/bady/miraint.m68k']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:16:04Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b35-3730-4b53-93d9-c158950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:16:05.000Z",
|
|
"modified": "2017-05-29T15:16:05.000Z",
|
|
"pattern": "[url:value = 'http://46.166.185.243/bins/mirai']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:16:05Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--592c3b36-1fbc-42f5-8fbc-40fc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:16:06.000Z",
|
|
"modified": "2017-05-29T15:16:06.000Z",
|
|
"first_observed": "2017-05-29T15:16:06Z",
|
|
"last_observed": "2017-05-29T15:16:06Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--592c3b36-1fbc-42f5-8fbc-40fc950d210f",
|
|
"ipv4-addr--592c3b36-1fbc-42f5-8fbc-40fc950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--592c3b36-1fbc-42f5-8fbc-40fc950d210f",
|
|
"dst_ref": "ipv4-addr--592c3b36-1fbc-42f5-8fbc-40fc950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--592c3b36-1fbc-42f5-8fbc-40fc950d210f",
|
|
"value": "46.166.185.243"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b37-46f8-472f-afd3-4585950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:16:07.000Z",
|
|
"modified": "2017-05-29T15:16:07.000Z",
|
|
"pattern": "[url:value = 'http://46.166.185.243/bins/mirai.mips']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:16:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b37-5958-4aea-b5c4-4408950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:16:07.000Z",
|
|
"modified": "2017-05-29T15:16:07.000Z",
|
|
"pattern": "[url:value = 'http://46.166.185.243/bins/mirai.arm']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:16:07Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b38-f870-463f-b3d4-425e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:16:08.000Z",
|
|
"modified": "2017-05-29T15:16:08.000Z",
|
|
"pattern": "[url:value = 'http://46.166.185.243/bins/mirai.m68k']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:16:08Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b39-aa3c-4f43-ae8f-43a4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:16:09.000Z",
|
|
"modified": "2017-05-29T15:16:09.000Z",
|
|
"pattern": "[url:value = 'http://46.166.185.243/bins/mirai.spc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:16:09Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b3a-dfdc-4154-bddb-40d9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:16:10.000Z",
|
|
"modified": "2017-05-29T15:16:10.000Z",
|
|
"pattern": "[url:value = 'http://46.166.185.243/bins/mirai.ppc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:16:10Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b3b-b35c-4087-bcd3-4511950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:16:11.000Z",
|
|
"modified": "2017-05-29T15:16:11.000Z",
|
|
"pattern": "[url:value = 'http://46.166.185.243/bins/mirai.x86']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:16:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b3b-a414-4199-9bcb-4131950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:16:11.000Z",
|
|
"modified": "2017-05-29T15:16:11.000Z",
|
|
"pattern": "[url:value = 'http://46.166.185.243/bins/mirai.sh4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:16:11Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b3c-54b4-436c-9066-4532950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:16:12.000Z",
|
|
"modified": "2017-05-29T15:16:12.000Z",
|
|
"pattern": "[url:value = 'http://46.166.185.243/bins/mirai.arm7']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:16:12Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b3e-7638-4c97-b577-c158950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:16:14.000Z",
|
|
"modified": "2017-05-29T15:16:14.000Z",
|
|
"pattern": "[url:value = 'http://46.166.185.243/bins/mirai.mpsl']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:16:14Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b3f-d1f0-49e6-8189-41c6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:16:15.000Z",
|
|
"modified": "2017-05-29T15:16:15.000Z",
|
|
"pattern": "[url:value = 'modzreps.tk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:16:15Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b40-27cc-404d-b73b-4c1e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:16:16.000Z",
|
|
"modified": "2017-05-29T15:16:16.000Z",
|
|
"pattern": "[domain-name:value = 'modzreps.tk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:16:16Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b41-15b8-4c82-a07c-4540950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:16:17.000Z",
|
|
"modified": "2017-05-29T15:16:17.000Z",
|
|
"pattern": "[url:value = 'http://86.110.119.45/bins/mirai']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:16:17Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--592c3b42-52ac-49f6-8e48-4a02950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:16:18.000Z",
|
|
"modified": "2017-05-29T15:16:18.000Z",
|
|
"first_observed": "2017-05-29T15:16:18Z",
|
|
"last_observed": "2017-05-29T15:16:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--592c3b42-52ac-49f6-8e48-4a02950d210f",
|
|
"ipv4-addr--592c3b42-52ac-49f6-8e48-4a02950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--592c3b42-52ac-49f6-8e48-4a02950d210f",
|
|
"dst_ref": "ipv4-addr--592c3b42-52ac-49f6-8e48-4a02950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--592c3b42-52ac-49f6-8e48-4a02950d210f",
|
|
"value": "86.110.119.45"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b42-d5e4-4d6b-bde2-4762950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:16:18.000Z",
|
|
"modified": "2017-05-29T15:16:18.000Z",
|
|
"pattern": "[url:value = 'http://86.110.119.45/bins/mirai.x86']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:16:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b43-84a8-4240-b9f2-4eb7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:16:19.000Z",
|
|
"modified": "2017-05-29T15:16:19.000Z",
|
|
"pattern": "[url:value = 'bakiiszwart.tk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:16:19Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b44-ee00-4158-9e7c-48fc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:16:20.000Z",
|
|
"modified": "2017-05-29T15:16:20.000Z",
|
|
"pattern": "[domain-name:value = 'bakiiszwart.tk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:16:20Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--592c3b44-170c-45bf-90fa-4a7e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:16:20.000Z",
|
|
"modified": "2017-05-29T15:16:20.000Z",
|
|
"first_observed": "2017-05-29T15:16:20Z",
|
|
"last_observed": "2017-05-29T15:16:20Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--592c3b44-170c-45bf-90fa-4a7e950d210f",
|
|
"ipv4-addr--592c3b44-170c-45bf-90fa-4a7e950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--592c3b44-170c-45bf-90fa-4a7e950d210f",
|
|
"dst_ref": "ipv4-addr--592c3b44-170c-45bf-90fa-4a7e950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--592c3b44-170c-45bf-90fa-4a7e950d210f",
|
|
"value": "128.199.49.132"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b46-6f04-491f-a0e1-4c3b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:16:22.000Z",
|
|
"modified": "2017-05-29T15:16:22.000Z",
|
|
"pattern": "[url:value = 'http://107.173.209.45/fyfa']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:16:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b46-8894-48a3-8279-4c7f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:16:22.000Z",
|
|
"modified": "2017-05-29T15:16:22.000Z",
|
|
"pattern": "[url:value = 'http://107.173.209.45/fyfa.i686']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:16:22Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b48-0da4-4bd4-86ed-420e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:16:24.000Z",
|
|
"modified": "2017-05-29T15:16:24.000Z",
|
|
"pattern": "[url:value = 'http://107.173.209.45/fyfa.arm']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:16:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b48-5810-4f5c-a4be-4463950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:16:24.000Z",
|
|
"modified": "2017-05-29T15:16:24.000Z",
|
|
"pattern": "[url:value = 'http://107.173.209.45/fyfa.x86']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:16:24Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b49-dbf0-4f54-8c8f-48fe950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:16:25.000Z",
|
|
"modified": "2017-05-29T15:16:25.000Z",
|
|
"pattern": "[url:value = 'http://107.173.209.45/fyfa.mips']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:16:25Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b4a-e85c-4a7d-9902-4183950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:16:26.000Z",
|
|
"modified": "2017-05-29T15:16:26.000Z",
|
|
"pattern": "[url:value = 'http://107.173.209.45/fyfa.sh4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:16:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b4a-808c-4ebe-ba58-49c2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:16:26.000Z",
|
|
"modified": "2017-05-29T15:16:26.000Z",
|
|
"pattern": "[url:value = 'http://107.173.209.45/fyfa.i586']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:16:26Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b4b-e574-4989-a0b8-4c04950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:16:27.000Z",
|
|
"modified": "2017-05-29T15:16:27.000Z",
|
|
"pattern": "[url:value = 'http://107.173.209.45/fyfa.mpsl']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:16:27Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b4c-cbbc-47fc-aaa9-4e7d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:16:28.000Z",
|
|
"modified": "2017-05-29T15:16:28.000Z",
|
|
"pattern": "[url:value = 'http://107.173.209.45/fyfa.spc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:16:28Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b4d-ae84-4238-af27-48b5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:16:29.000Z",
|
|
"modified": "2017-05-29T15:16:29.000Z",
|
|
"pattern": "[url:value = 'http://107.173.209.45/fyfa.m68k']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:16:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b4d-08c4-423a-a202-47bc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:16:29.000Z",
|
|
"modified": "2017-05-29T15:16:29.000Z",
|
|
"pattern": "[url:value = 'http://107.173.209.45/fyfa.pcc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:16:29Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b51-449c-4c5b-9345-4fbd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:16:33.000Z",
|
|
"modified": "2017-05-29T15:16:33.000Z",
|
|
"pattern": "[url:value = 'http://119.28.72.174:280/mirai/mirai']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:16:33Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--592c3b52-84d0-4206-acf9-4d50950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:16:34.000Z",
|
|
"modified": "2017-05-29T15:16:34.000Z",
|
|
"first_observed": "2017-05-29T15:16:34Z",
|
|
"last_observed": "2017-05-29T15:16:34Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--592c3b52-84d0-4206-acf9-4d50950d210f",
|
|
"ipv4-addr--592c3b52-84d0-4206-acf9-4d50950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--592c3b52-84d0-4206-acf9-4d50950d210f",
|
|
"dst_ref": "ipv4-addr--592c3b52-84d0-4206-acf9-4d50950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--592c3b52-84d0-4206-acf9-4d50950d210f",
|
|
"value": "119.28.72.174"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b52-5134-4c21-9592-4a3f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:16:34.000Z",
|
|
"modified": "2017-05-29T15:16:34.000Z",
|
|
"pattern": "[url:value = 'http://119.28.72.174:280/mirai/mirai.arm']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:16:34Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b53-ab90-42d6-b11a-45fc950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:16:35.000Z",
|
|
"modified": "2017-05-29T15:16:35.000Z",
|
|
"pattern": "[url:value = 'http://119.28.72.174:280/mirai/mirai.spc']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:16:35Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b54-7784-4874-bce0-49d9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:16:36.000Z",
|
|
"modified": "2017-05-29T15:16:36.000Z",
|
|
"pattern": "[url:value = 'http://119.28.72.174:280/mirai/mirai.mpsl']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:16:36Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b55-e1e8-4783-82a7-4ae5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:16:37.000Z",
|
|
"modified": "2017-05-29T15:16:37.000Z",
|
|
"pattern": "[url:value = 'http://119.28.72.174:280/mirai/mirai.sh4']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:16:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--592c3b55-a1bc-4f56-bef4-4acd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-05-29T15:16:37.000Z",
|
|
"modified": "2017-05-29T15:16:37.000Z",
|
|
"pattern": "[url:value = 'http://119.28.72.174:280/mirai/mirai.mips']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-05-29T15:16:37Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "marking-definition",
|
|
"spec_version": "2.1",
|
|
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
|
|
"created": "2017-01-20T00:00:00.000Z",
|
|
"definition_type": "tlp",
|
|
"name": "TLP:WHITE",
|
|
"definition": {
|
|
"tlp": "white"
|
|
}
|
|
}
|
|
]
|
|
} |