adulau/misp-circl-feed
1
0
Fork 0
Code Issues 1 Pull requests Projects 1 Releases Packages Wiki Activity Actions
misp-circl-feed/feeds/circl/stix-2.1/593133d6-46f4-49e7-b1f6-422f950d210f.json

1753 lines
No EOL
70 KiB
JSON
Raw Permalink Blame History

{
"type": "bundle",
"id": "bundle--593133d6-46f4-49e7-b1f6-422f950d210f",
"objects": [
{
"type": "identity",
"spec_version": "2.1",
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:15:59.000Z",
"modified": "2017-06-02T15:15:59.000Z",
"name": "CIRCL",
"identity_class": "organization"
},
{
"type": "report",
"spec_version": "2.1",
"id": "report--593133d6-46f4-49e7-b1f6-422f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:15:59.000Z",
"modified": "2017-06-02T15:15:59.000Z",
"name": "M2M - Malspam --> 62909008.pdf",
"published": "2017-06-02T15:16:05Z",
"object_refs": [
"indicator--593133d9-f10c-47f0-a215-4bff950d210f",
"indicator--593133db-da10-411f-814e-442e950d210f",
"indicator--593133dc-15f0-48a2-84cd-4792950d210f",
"indicator--593133de-20e4-4e43-92c2-43b1950d210f",
"indicator--593133e0-04a8-4f13-ac42-4543950d210f",
"observed-data--593133e2-d0cc-4f61-ab71-4abe950d210f",
"network-traffic--593133e2-d0cc-4f61-ab71-4abe950d210f",
"ipv4-addr--593133e2-d0cc-4f61-ab71-4abe950d210f",
"indicator--593133e4-5d7c-46e7-8453-416c950d210f",
"indicator--593133e6-4204-45e9-8211-41cb950d210f",
"observed-data--593133e8-cb64-4d9f-8706-454a950d210f",
"network-traffic--593133e8-cb64-4d9f-8706-454a950d210f",
"ipv4-addr--593133e8-cb64-4d9f-8706-454a950d210f",
"indicator--593133e9-a094-4b37-ad39-4957950d210f",
"indicator--593133eb-8198-4f5e-b0da-4fd8950d210f",
"observed-data--593133ee-dbac-4350-9bcb-49a7950d210f",
"network-traffic--593133ee-dbac-4350-9bcb-49a7950d210f",
"ipv4-addr--593133ee-dbac-4350-9bcb-49a7950d210f",
"indicator--593133f0-bfa8-417a-a021-4249950d210f",
"indicator--593133f1-7774-407a-b893-4d97950d210f",
"observed-data--593133f5-62a0-423b-bc36-4a56950d210f",
"network-traffic--593133f5-62a0-423b-bc36-4a56950d210f",
"ipv4-addr--593133f5-62a0-423b-bc36-4a56950d210f",
"indicator--593133f6-42b8-48ad-8929-41af950d210f",
"indicator--593133f8-9674-43f5-ba2f-470c950d210f",
"observed-data--593133fa-3c50-4981-8b74-47f4950d210f",
"network-traffic--593133fa-3c50-4981-8b74-47f4950d210f",
"ipv4-addr--593133fa-3c50-4981-8b74-47f4950d210f",
"indicator--593133fc-c6f4-404c-a4c3-46b0950d210f",
"indicator--593133fe-8118-4284-aada-4945950d210f",
"observed-data--593133ff-58ec-41df-a867-4991950d210f",
"network-traffic--593133ff-58ec-41df-a867-4991950d210f",
"ipv4-addr--593133ff-58ec-41df-a867-4991950d210f",
"indicator--59313400-05d0-4a96-b874-40f1950d210f",
"indicator--59313402-bd54-44e5-aca2-47a4950d210f",
"observed-data--59313404-77c8-4f47-aba2-4825950d210f",
"network-traffic--59313404-77c8-4f47-aba2-4825950d210f",
"ipv4-addr--59313404-77c8-4f47-aba2-4825950d210f",
"indicator--59313406-d784-45ad-86fb-4b21950d210f",
"indicator--59313408-7f80-410e-8f3c-4a45950d210f",
"observed-data--59313409-f2a0-40de-9df1-4ffb950d210f",
"network-traffic--59313409-f2a0-40de-9df1-4ffb950d210f",
"ipv4-addr--59313409-f2a0-40de-9df1-4ffb950d210f",
"indicator--5931340b-da7c-4806-857a-4335950d210f",
"indicator--5931340e-d1fc-4b27-8190-42a8950d210f",
"observed-data--59313410-47dc-468a-bbd3-4978950d210f",
"network-traffic--59313410-47dc-468a-bbd3-4978950d210f",
"ipv4-addr--59313410-47dc-468a-bbd3-4978950d210f",
"indicator--59313412-87ec-48dc-94fc-4205950d210f",
"indicator--59313413-5c38-4e69-b62f-4367950d210f",
"observed-data--59313414-19a4-4996-88ef-4f11950d210f",
"network-traffic--59313414-19a4-4996-88ef-4f11950d210f",
"ipv4-addr--59313414-19a4-4996-88ef-4f11950d210f",
"indicator--59313416-3fbc-41ab-a6c4-4359950d210f",
"indicator--59313417-036c-4a04-8a39-44f4950d210f",
"observed-data--59313418-a344-41c0-b999-4a0d950d210f",
"network-traffic--59313418-a344-41c0-b999-4a0d950d210f",
"ipv4-addr--59313418-a344-41c0-b999-4a0d950d210f",
"indicator--59313419-8f00-435b-94e5-4224950d210f",
"indicator--5931341a-0d84-4991-bfdb-4556950d210f",
"observed-data--5931341b-a2a8-46ef-b913-487a950d210f",
"network-traffic--5931341b-a2a8-46ef-b913-487a950d210f",
"ipv4-addr--5931341b-a2a8-46ef-b913-487a950d210f",
"indicator--5931341c-690c-445b-8817-48d4950d210f",
"indicator--5931341d-5bd4-465f-ab05-4ae9950d210f",
"indicator--59313420-b6cc-4c18-a737-4b85950d210f",
"indicator--59313421-7d30-4bdd-9172-4bf7950d210f",
"observed-data--59313422-a36c-426d-8470-40d3950d210f",
"network-traffic--59313422-a36c-426d-8470-40d3950d210f",
"ipv4-addr--59313422-a36c-426d-8470-40d3950d210f",
"indicator--59313424-8b8c-4677-ab56-4fc7950d210f",
"indicator--59313425-9418-4f28-9425-4492950d210f",
"observed-data--59313426-0db8-4df6-91fc-422d950d210f",
"network-traffic--59313426-0db8-4df6-91fc-422d950d210f",
"ipv4-addr--59313426-0db8-4df6-91fc-422d950d210f",
"indicator--59313427-fb94-4e62-844b-4217950d210f",
"indicator--59313428-d794-4b27-a4d3-4157950d210f",
"observed-data--5931342a-e8ac-4fe0-b9e7-4d0b950d210f",
"network-traffic--5931342a-e8ac-4fe0-b9e7-4d0b950d210f",
"ipv4-addr--5931342a-e8ac-4fe0-b9e7-4d0b950d210f",
"indicator--5931342b-b158-48b4-ba22-4a0f950d210f",
"indicator--5931342c-9d24-4760-acb9-4eff950d210f",
"observed-data--5931342e-7540-4cb7-a564-4218950d210f",
"network-traffic--5931342e-7540-4cb7-a564-4218950d210f",
"ipv4-addr--5931342e-7540-4cb7-a564-4218950d210f",
"indicator--59313674-52fc-497a-86fb-41ca02de0b81",
"indicator--59313675-b4d0-4572-b11d-4fa402de0b81",
"observed-data--59313676-7ad4-4820-8384-467b02de0b81",
"url--59313676-7ad4-4820-8384-467b02de0b81",
"indicator--59313678-1068-434e-9974-42f502de0b81",
"indicator--59313679-bcac-4e4d-a696-4cfa02de0b81",
"observed-data--5931367a-5b9c-4764-9fda-4ddd02de0b81",
"url--5931367a-5b9c-4764-9fda-4ddd02de0b81",
"indicator--5931367b-b318-4acd-aa54-461b02de0b81",
"indicator--5931367c-5748-4dd8-b3e7-488d02de0b81",
"observed-data--5931367d-75b0-46ab-befa-41e302de0b81",
"url--5931367d-75b0-46ab-befa-41e302de0b81"
],
"labels": [
"Threat-Report",
"misp:tool=\"MISP-STIX-Converter\""
],
"object_marking_refs": [
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593133d9-f10c-47f0-a215-4bff950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T09:56:13.000Z",
"modified": "2017-06-02T09:56:13.000Z",
"pattern": "[file:hashes.MD5 = 'e364235c573d3b60a5f56a124b325da0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T09:56:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593133db-da10-411f-814e-442e950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T09:56:13.000Z",
"modified": "2017-06-02T09:56:13.000Z",
"pattern": "[file:hashes.MD5 = '04a20327fc3a5d98c41e0096452bf9e6']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T09:56:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593133dc-15f0-48a2-84cd-4792950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T09:56:13.000Z",
"modified": "2017-06-02T09:56:13.000Z",
"pattern": "[file:hashes.MD5 = '603befc50bfcc0a214eacf473ec6baec']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T09:56:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"md5\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593133de-20e4-4e43-92c2-43b1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T09:56:13.000Z",
"modified": "2017-06-02T09:56:13.000Z",
"pattern": "[url:value = 'http://benefeet.org/7rvmnb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T09:56:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593133e0-04a8-4f13-ac42-4543950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T09:56:13.000Z",
"modified": "2017-06-02T09:56:13.000Z",
"pattern": "[domain-name:value = 'benefeet.org']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T09:56:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--593133e2-d0cc-4f61-ab71-4abe950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:15:25.000Z",
"modified": "2017-06-02T15:15:25.000Z",
"first_observed": "2017-06-02T15:15:25Z",
"last_observed": "2017-06-02T15:15:25Z",
"number_observed": 1,
"object_refs": [
"network-traffic--593133e2-d0cc-4f61-ab71-4abe950d210f",
"ipv4-addr--593133e2-d0cc-4f61-ab71-4abe950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--593133e2-d0cc-4f61-ab71-4abe950d210f",
"dst_ref": "ipv4-addr--593133e2-d0cc-4f61-ab71-4abe950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--593133e2-d0cc-4f61-ab71-4abe950d210f",
"value": "76.74.128.210"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593133e4-5d7c-46e7-8453-416c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T09:56:13.000Z",
"modified": "2017-06-02T09:56:13.000Z",
"pattern": "[url:value = 'http://dsopro.com/7rvmnb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T09:56:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593133e6-4204-45e9-8211-41cb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T09:56:13.000Z",
"modified": "2017-06-02T09:56:13.000Z",
"pattern": "[domain-name:value = 'dsopro.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T09:56:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--593133e8-cb64-4d9f-8706-454a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:15:25.000Z",
"modified": "2017-06-02T15:15:25.000Z",
"first_observed": "2017-06-02T15:15:25Z",
"last_observed": "2017-06-02T15:15:25Z",
"number_observed": 1,
"object_refs": [
"network-traffic--593133e8-cb64-4d9f-8706-454a950d210f",
"ipv4-addr--593133e8-cb64-4d9f-8706-454a950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--593133e8-cb64-4d9f-8706-454a950d210f",
"dst_ref": "ipv4-addr--593133e8-cb64-4d9f-8706-454a950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--593133e8-cb64-4d9f-8706-454a950d210f",
"value": "35.166.221.246"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593133e9-a094-4b37-ad39-4957950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T09:56:13.000Z",
"modified": "2017-06-02T09:56:13.000Z",
"pattern": "[url:value = 'http://eselink.com.my/7rvmnb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T09:56:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593133eb-8198-4f5e-b0da-4fd8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T09:56:13.000Z",
"modified": "2017-06-02T09:56:13.000Z",
"pattern": "[domain-name:value = 'eselink.com.my']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T09:56:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--593133ee-dbac-4350-9bcb-49a7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:15:25.000Z",
"modified": "2017-06-02T15:15:25.000Z",
"first_observed": "2017-06-02T15:15:25Z",
"last_observed": "2017-06-02T15:15:25Z",
"number_observed": 1,
"object_refs": [
"network-traffic--593133ee-dbac-4350-9bcb-49a7950d210f",
"ipv4-addr--593133ee-dbac-4350-9bcb-49a7950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--593133ee-dbac-4350-9bcb-49a7950d210f",
"dst_ref": "ipv4-addr--593133ee-dbac-4350-9bcb-49a7950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--593133ee-dbac-4350-9bcb-49a7950d210f",
"value": "124.150.140.96"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593133f0-bfa8-417a-a021-4249950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T09:56:13.000Z",
"modified": "2017-06-02T09:56:13.000Z",
"pattern": "[url:value = 'http://e-snhv.com/7rvmnb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T09:56:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593133f1-7774-407a-b893-4d97950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T09:56:13.000Z",
"modified": "2017-06-02T09:56:13.000Z",
"pattern": "[domain-name:value = 'e-snhv.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T09:56:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--593133f5-62a0-423b-bc36-4a56950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:15:25.000Z",
"modified": "2017-06-02T15:15:25.000Z",
"first_observed": "2017-06-02T15:15:25Z",
"last_observed": "2017-06-02T15:15:25Z",
"number_observed": 1,
"object_refs": [
"network-traffic--593133f5-62a0-423b-bc36-4a56950d210f",
"ipv4-addr--593133f5-62a0-423b-bc36-4a56950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--593133f5-62a0-423b-bc36-4a56950d210f",
"dst_ref": "ipv4-addr--593133f5-62a0-423b-bc36-4a56950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--593133f5-62a0-423b-bc36-4a56950d210f",
"value": "61.106.62.37"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593133f6-42b8-48ad-8929-41af950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T09:56:13.000Z",
"modified": "2017-06-02T09:56:13.000Z",
"pattern": "[url:value = 'http://fabriquekorea.com/7rvmnb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T09:56:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593133f8-9674-43f5-ba2f-470c950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T09:56:13.000Z",
"modified": "2017-06-02T09:56:13.000Z",
"pattern": "[domain-name:value = 'fabriquekorea.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T09:56:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--593133fa-3c50-4981-8b74-47f4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:15:25.000Z",
"modified": "2017-06-02T15:15:25.000Z",
"first_observed": "2017-06-02T15:15:25Z",
"last_observed": "2017-06-02T15:15:25Z",
"number_observed": 1,
"object_refs": [
"network-traffic--593133fa-3c50-4981-8b74-47f4950d210f",
"ipv4-addr--593133fa-3c50-4981-8b74-47f4950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--593133fa-3c50-4981-8b74-47f4950d210f",
"dst_ref": "ipv4-addr--593133fa-3c50-4981-8b74-47f4950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--593133fa-3c50-4981-8b74-47f4950d210f",
"value": "211.174.62.52"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593133fc-c6f4-404c-a4c3-46b0950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T09:56:13.000Z",
"modified": "2017-06-02T09:56:13.000Z",
"pattern": "[url:value = 'http://katoconsulting.ro/7rvmnb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T09:56:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--593133fe-8118-4284-aada-4945950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T09:56:13.000Z",
"modified": "2017-06-02T09:56:13.000Z",
"pattern": "[domain-name:value = 'katoconsulting.ro']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T09:56:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--593133ff-58ec-41df-a867-4991950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:15:25.000Z",
"modified": "2017-06-02T15:15:25.000Z",
"first_observed": "2017-06-02T15:15:25Z",
"last_observed": "2017-06-02T15:15:25Z",
"number_observed": 1,
"object_refs": [
"network-traffic--593133ff-58ec-41df-a867-4991950d210f",
"ipv4-addr--593133ff-58ec-41df-a867-4991950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--593133ff-58ec-41df-a867-4991950d210f",
"dst_ref": "ipv4-addr--593133ff-58ec-41df-a867-4991950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--593133ff-58ec-41df-a867-4991950d210f",
"value": "87.229.112.11"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59313400-05d0-4a96-b874-40f1950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T09:56:13.000Z",
"modified": "2017-06-02T09:56:13.000Z",
"pattern": "[url:value = 'http://newserniggrofg.net/af/7rvmnb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T09:56:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59313402-bd54-44e5-aca2-47a4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T09:56:13.000Z",
"modified": "2017-06-02T09:56:13.000Z",
"pattern": "[domain-name:value = 'newserniggrofg.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T09:56:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59313404-77c8-4f47-aba2-4825950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:15:25.000Z",
"modified": "2017-06-02T15:15:25.000Z",
"first_observed": "2017-06-02T15:15:25Z",
"last_observed": "2017-06-02T15:15:25Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59313404-77c8-4f47-aba2-4825950d210f",
"ipv4-addr--59313404-77c8-4f47-aba2-4825950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59313404-77c8-4f47-aba2-4825950d210f",
"dst_ref": "ipv4-addr--59313404-77c8-4f47-aba2-4825950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59313404-77c8-4f47-aba2-4825950d210f",
"value": "185.195.24.85"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59313406-d784-45ad-86fb-4b21950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T09:56:13.000Z",
"modified": "2017-06-02T09:56:13.000Z",
"pattern": "[url:value = 'http://orhangazitur.com/7rvmnb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T09:56:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59313408-7f80-410e-8f3c-4a45950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T09:56:13.000Z",
"modified": "2017-06-02T09:56:13.000Z",
"pattern": "[domain-name:value = 'orhangazitur.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T09:56:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59313409-f2a0-40de-9df1-4ffb950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:15:25.000Z",
"modified": "2017-06-02T15:15:25.000Z",
"first_observed": "2017-06-02T15:15:25Z",
"last_observed": "2017-06-02T15:15:25Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59313409-f2a0-40de-9df1-4ffb950d210f",
"ipv4-addr--59313409-f2a0-40de-9df1-4ffb950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59313409-f2a0-40de-9df1-4ffb950d210f",
"dst_ref": "ipv4-addr--59313409-f2a0-40de-9df1-4ffb950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59313409-f2a0-40de-9df1-4ffb950d210f",
"value": "109.232.220.235"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5931340b-da7c-4806-857a-4335950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T09:56:13.000Z",
"modified": "2017-06-02T09:56:13.000Z",
"pattern": "[url:value = 'http://paradigmenergycorp.com/7rvmnb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T09:56:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5931340e-d1fc-4b27-8190-42a8950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T09:56:13.000Z",
"modified": "2017-06-02T09:56:13.000Z",
"pattern": "[domain-name:value = 'paradigmenergycorp.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T09:56:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59313410-47dc-468a-bbd3-4978950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:15:25.000Z",
"modified": "2017-06-02T15:15:25.000Z",
"first_observed": "2017-06-02T15:15:25Z",
"last_observed": "2017-06-02T15:15:25Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59313410-47dc-468a-bbd3-4978950d210f",
"ipv4-addr--59313410-47dc-468a-bbd3-4978950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59313410-47dc-468a-bbd3-4978950d210f",
"dst_ref": "ipv4-addr--59313410-47dc-468a-bbd3-4978950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59313410-47dc-468a-bbd3-4978950d210f",
"value": "107.180.40.126"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59313412-87ec-48dc-94fc-4205950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T09:56:13.000Z",
"modified": "2017-06-02T09:56:13.000Z",
"pattern": "[url:value = 'http://poltec.com.au/7rvmnb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T09:56:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59313413-5c38-4e69-b62f-4367950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T09:56:13.000Z",
"modified": "2017-06-02T09:56:13.000Z",
"pattern": "[domain-name:value = 'poltec.com.au']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T09:56:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59313414-19a4-4996-88ef-4f11950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:15:25.000Z",
"modified": "2017-06-02T15:15:25.000Z",
"first_observed": "2017-06-02T15:15:25Z",
"last_observed": "2017-06-02T15:15:25Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59313414-19a4-4996-88ef-4f11950d210f",
"ipv4-addr--59313414-19a4-4996-88ef-4f11950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59313414-19a4-4996-88ef-4f11950d210f",
"dst_ref": "ipv4-addr--59313414-19a4-4996-88ef-4f11950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59313414-19a4-4996-88ef-4f11950d210f",
"value": "27.54.86.236"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59313416-3fbc-41ab-a6c4-4359950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T09:56:13.000Z",
"modified": "2017-06-02T09:56:13.000Z",
"pattern": "[url:value = 'http://praktikum-marketing.de/7rvmnb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T09:56:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59313417-036c-4a04-8a39-44f4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T09:56:13.000Z",
"modified": "2017-06-02T09:56:13.000Z",
"pattern": "[domain-name:value = 'praktikum-marketing.de']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T09:56:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59313418-a344-41c0-b999-4a0d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:15:25.000Z",
"modified": "2017-06-02T15:15:25.000Z",
"first_observed": "2017-06-02T15:15:25Z",
"last_observed": "2017-06-02T15:15:25Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59313418-a344-41c0-b999-4a0d950d210f",
"ipv4-addr--59313418-a344-41c0-b999-4a0d950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59313418-a344-41c0-b999-4a0d950d210f",
"dst_ref": "ipv4-addr--59313418-a344-41c0-b999-4a0d950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59313418-a344-41c0-b999-4a0d950d210f",
"value": "76.74.235.244"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59313419-8f00-435b-94e5-4224950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T09:56:13.000Z",
"modified": "2017-06-02T09:56:13.000Z",
"pattern": "[url:value = 'http://pw-shop.com/7rvmnb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T09:56:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5931341a-0d84-4991-bfdb-4556950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T09:56:13.000Z",
"modified": "2017-06-02T09:56:13.000Z",
"pattern": "[domain-name:value = 'pw-shop.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T09:56:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5931341b-a2a8-46ef-b913-487a950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:15:25.000Z",
"modified": "2017-06-02T15:15:25.000Z",
"first_observed": "2017-06-02T15:15:25Z",
"last_observed": "2017-06-02T15:15:25Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5931341b-a2a8-46ef-b913-487a950d210f",
"ipv4-addr--5931341b-a2a8-46ef-b913-487a950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5931341b-a2a8-46ef-b913-487a950d210f",
"dst_ref": "ipv4-addr--5931341b-a2a8-46ef-b913-487a950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5931341b-a2a8-46ef-b913-487a950d210f",
"value": "93.170.136.50"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5931341c-690c-445b-8817-48d4950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T09:56:13.000Z",
"modified": "2017-06-02T09:56:13.000Z",
"pattern": "[url:value = 'http://resevesssetornument.com/af/7rvmnb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T09:56:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5931341d-5bd4-465f-ab05-4ae9950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T09:56:13.000Z",
"modified": "2017-06-02T09:56:13.000Z",
"pattern": "[domain-name:value = 'resevesssetornument.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T09:56:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59313420-b6cc-4c18-a737-4b85950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T09:56:13.000Z",
"modified": "2017-06-02T09:56:13.000Z",
"pattern": "[url:value = 'http://tasfirin-ustasi.net/7rvmnb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T09:56:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59313421-7d30-4bdd-9172-4bf7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T09:56:13.000Z",
"modified": "2017-06-02T09:56:13.000Z",
"pattern": "[domain-name:value = 'tasfirin-ustasi.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T09:56:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59313422-a36c-426d-8470-40d3950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:15:25.000Z",
"modified": "2017-06-02T15:15:25.000Z",
"first_observed": "2017-06-02T15:15:25Z",
"last_observed": "2017-06-02T15:15:25Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59313422-a36c-426d-8470-40d3950d210f",
"ipv4-addr--59313422-a36c-426d-8470-40d3950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59313422-a36c-426d-8470-40d3950d210f",
"dst_ref": "ipv4-addr--59313422-a36c-426d-8470-40d3950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59313422-a36c-426d-8470-40d3950d210f",
"value": "95.173.189.38"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59313424-8b8c-4677-ab56-4fc7950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T09:56:13.000Z",
"modified": "2017-06-02T09:56:13.000Z",
"pattern": "[url:value = 'http://theexcelconsultant.com/7rvmnb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T09:56:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59313425-9418-4f28-9425-4492950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T09:56:13.000Z",
"modified": "2017-06-02T09:56:13.000Z",
"pattern": "[domain-name:value = 'theexcelconsultant.com']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T09:56:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59313426-0db8-4df6-91fc-422d950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:15:25.000Z",
"modified": "2017-06-02T15:15:25.000Z",
"first_observed": "2017-06-02T15:15:25Z",
"last_observed": "2017-06-02T15:15:25Z",
"number_observed": 1,
"object_refs": [
"network-traffic--59313426-0db8-4df6-91fc-422d950d210f",
"ipv4-addr--59313426-0db8-4df6-91fc-422d950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--59313426-0db8-4df6-91fc-422d950d210f",
"dst_ref": "ipv4-addr--59313426-0db8-4df6-91fc-422d950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--59313426-0db8-4df6-91fc-422d950d210f",
"value": "65.39.193.50"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59313427-fb94-4e62-844b-4217950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T09:56:13.000Z",
"modified": "2017-06-02T09:56:13.000Z",
"pattern": "[url:value = 'http://vigs.mx/7rvmnb']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T09:56:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59313428-d794-4b27-a4d3-4157950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T09:56:13.000Z",
"modified": "2017-06-02T09:56:13.000Z",
"pattern": "[domain-name:value = 'vigs.mx']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T09:56:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5931342a-e8ac-4fe0-b9e7-4d0b950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:15:25.000Z",
"modified": "2017-06-02T15:15:25.000Z",
"first_observed": "2017-06-02T15:15:25Z",
"last_observed": "2017-06-02T15:15:25Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5931342a-e8ac-4fe0-b9e7-4d0b950d210f",
"ipv4-addr--5931342a-e8ac-4fe0-b9e7-4d0b950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5931342a-e8ac-4fe0-b9e7-4d0b950d210f",
"dst_ref": "ipv4-addr--5931342a-e8ac-4fe0-b9e7-4d0b950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5931342a-e8ac-4fe0-b9e7-4d0b950d210f",
"value": "192.185.48.180"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5931342b-b158-48b4-ba22-4a0f950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T09:56:13.000Z",
"modified": "2017-06-02T09:56:13.000Z",
"pattern": "[url:value = 'http://whoisfoxxrobiouy.net/a5/']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T09:56:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"url\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5931342c-9d24-4760-acb9-4eff950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T09:56:13.000Z",
"modified": "2017-06-02T09:56:13.000Z",
"pattern": "[domain-name:value = 'whoisfoxxrobiouy.net']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T09:56:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Network activity"
}
],
"labels": [
"misp:type=\"hostname\"",
"misp:category=\"Network activity\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5931342e-7540-4cb7-a564-4218950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T15:15:25.000Z",
"modified": "2017-06-02T15:15:25.000Z",
"first_observed": "2017-06-02T15:15:25Z",
"last_observed": "2017-06-02T15:15:25Z",
"number_observed": 1,
"object_refs": [
"network-traffic--5931342e-7540-4cb7-a564-4218950d210f",
"ipv4-addr--5931342e-7540-4cb7-a564-4218950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--5931342e-7540-4cb7-a564-4218950d210f",
"dst_ref": "ipv4-addr--5931342e-7540-4cb7-a564-4218950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--5931342e-7540-4cb7-a564-4218950d210f",
"value": "5.101.66.85"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59313674-52fc-497a-86fb-41ca02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T09:57:08.000Z",
"modified": "2017-06-02T09:57:08.000Z",
"description": "- Xchecked via VT: e364235c573d3b60a5f56a124b325da0",
"pattern": "[file:hashes.SHA256 = '98f0f68feb0495de61add43c717ccb462fbe46bc977bb295c688bd4511272b55']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T09:57:08Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59313675-b4d0-4572-b11d-4fa402de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T09:57:09.000Z",
"modified": "2017-06-02T09:57:09.000Z",
"description": "- Xchecked via VT: e364235c573d3b60a5f56a124b325da0",
"pattern": "[file:hashes.SHA1 = 'fdcf6a75156d3ecae169ceadb6a89d06f9e00410']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T09:57:09Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--59313676-7ad4-4820-8384-467b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T09:57:10.000Z",
"modified": "2017-06-02T09:57:10.000Z",
"first_observed": "2017-06-02T09:57:10Z",
"last_observed": "2017-06-02T09:57:10Z",
"number_observed": 1,
"object_refs": [
"url--59313676-7ad4-4820-8384-467b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--59313676-7ad4-4820-8384-467b02de0b81",
"value": "https://www.virustotal.com/file/98f0f68feb0495de61add43c717ccb462fbe46bc977bb295c688bd4511272b55/analysis/1496390071/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59313678-1068-434e-9974-42f502de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T09:57:12.000Z",
"modified": "2017-06-02T09:57:12.000Z",
"description": "- Xchecked via VT: 04a20327fc3a5d98c41e0096452bf9e6",
"pattern": "[file:hashes.SHA256 = '824901dd0b1660f00c3406cb888118c8a10f66e3258b5020f7ea289434618b13']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T09:57:12Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--59313679-bcac-4e4d-a696-4cfa02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T09:57:13.000Z",
"modified": "2017-06-02T09:57:13.000Z",
"description": "- Xchecked via VT: 04a20327fc3a5d98c41e0096452bf9e6",
"pattern": "[file:hashes.SHA1 = 'ed69a648f6bce5e652d24fc7dd3f622b04acb98b']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T09:57:13Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5931367a-5b9c-4764-9fda-4ddd02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T09:57:14.000Z",
"modified": "2017-06-02T09:57:14.000Z",
"first_observed": "2017-06-02T09:57:14Z",
"last_observed": "2017-06-02T09:57:14Z",
"number_observed": 1,
"object_refs": [
"url--5931367a-5b9c-4764-9fda-4ddd02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5931367a-5b9c-4764-9fda-4ddd02de0b81",
"value": "https://www.virustotal.com/file/824901dd0b1660f00c3406cb888118c8a10f66e3258b5020f7ea289434618b13/analysis/1496392189/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5931367b-b318-4acd-aa54-461b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T09:57:15.000Z",
"modified": "2017-06-02T09:57:15.000Z",
"description": "- Xchecked via VT: 603befc50bfcc0a214eacf473ec6baec",
"pattern": "[file:hashes.SHA256 = '312940e15c0251315fb2a8f2920d842fb61f54d5f4d0ce61b60420d972c3c978']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T09:57:15Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5931367c-5748-4dd8-b3e7-488d02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T09:57:16.000Z",
"modified": "2017-06-02T09:57:16.000Z",
"description": "- Xchecked via VT: 603befc50bfcc0a214eacf473ec6baec",
"pattern": "[file:hashes.SHA1 = '85a85eb1046aaffd6d4752b38d1a8b1eb3ec2581']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-02T09:57:16Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5931367d-75b0-46ab-befa-41e302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-02T09:57:17.000Z",
"modified": "2017-06-02T09:57:17.000Z",
"first_observed": "2017-06-02T09:57:17Z",
"last_observed": "2017-06-02T09:57:17Z",
"number_observed": 1,
"object_refs": [
"url--5931367d-75b0-46ab-befa-41e302de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5931367d-75b0-46ab-befa-41e302de0b81",
"value": "https://www.virustotal.com/file/312940e15c0251315fb2a8f2920d842fb61f54d5f4d0ce61b60420d972c3c978/analysis/1496352757/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}
Reference in a new issue View git blame Copy permalink