{
|
|
"type": "bundle",
|
|
"id": "bundle--5942404e-7c54-4842-8599-4037950d210f",
|
|
"objects": [
|
|
{
|
|
"type": "identity",
|
|
"spec_version": "2.1",
|
|
"id": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T12:41:38.000Z",
|
|
"modified": "2017-06-16T12:41:38.000Z",
|
|
"name": "CIRCL",
|
|
"identity_class": "organization"
|
|
},
|
|
{
|
|
"type": "report",
|
|
"spec_version": "2.1",
|
|
"id": "report--5942404e-7c54-4842-8599-4037950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T12:41:38.000Z",
|
|
"modified": "2017-06-16T12:41:38.000Z",
|
|
"name": "M2M - Trickbot 2017-06-14 : mac1 : \"Emailing: 123456789\" - \"123456789.PDF\"",
|
|
"published": "2017-06-16T12:43:57Z",
|
|
"object_refs": [
|
|
"indicator--5942404f-66b8-49dc-bb86-4344950d210f",
|
|
"indicator--5942404f-6a74-4a74-9caa-4750950d210f",
|
|
"indicator--59424050-f328-4887-bff5-4104950d210f",
|
|
"indicator--59424050-64e8-45cd-9ca1-494c950d210f",
|
|
"observed-data--59424051-8494-4061-9482-4e34950d210f",
|
|
"network-traffic--59424051-8494-4061-9482-4e34950d210f",
|
|
"ipv4-addr--59424051-8494-4061-9482-4e34950d210f",
|
|
"indicator--59424052-bec4-4849-991b-4c9d950d210f",
|
|
"indicator--59424052-7970-4e58-9011-45c1950d210f",
|
|
"observed-data--59424053-3cf4-4a6d-b5a7-4d97950d210f",
|
|
"network-traffic--59424053-3cf4-4a6d-b5a7-4d97950d210f",
|
|
"ipv4-addr--59424053-3cf4-4a6d-b5a7-4d97950d210f",
|
|
"indicator--59424053-3e80-4365-907c-4226950d210f",
|
|
"indicator--59424054-46dc-40d7-8e68-4786950d210f",
|
|
"observed-data--59424055-e474-4fb7-a2d4-4ff3950d210f",
|
|
"network-traffic--59424055-e474-4fb7-a2d4-4ff3950d210f",
|
|
"ipv4-addr--59424055-e474-4fb7-a2d4-4ff3950d210f",
|
|
"indicator--59424056-0cb0-4cce-9a52-4d4a950d210f",
|
|
"indicator--59424056-10c4-4c33-9a04-486f950d210f",
|
|
"observed-data--59424058-7668-4232-83fa-4039950d210f",
|
|
"network-traffic--59424058-7668-4232-83fa-4039950d210f",
|
|
"ipv4-addr--59424058-7668-4232-83fa-4039950d210f",
|
|
"indicator--59424059-2e90-44bd-b306-4414950d210f",
|
|
"indicator--59424059-0790-4ee9-ae13-4a8d950d210f",
|
|
"observed-data--5942405b-caa8-4f47-a2d2-4f9b950d210f",
|
|
"network-traffic--5942405b-caa8-4f47-a2d2-4f9b950d210f",
|
|
"ipv4-addr--5942405b-caa8-4f47-a2d2-4f9b950d210f",
|
|
"indicator--5942405c-f7ac-4c16-b857-4872950d210f",
|
|
"indicator--5942405c-4ca0-46ce-97d0-4448950d210f",
|
|
"observed-data--5942405d-8dbc-4643-aaec-478c950d210f",
|
|
"network-traffic--5942405d-8dbc-4643-aaec-478c950d210f",
|
|
"ipv4-addr--5942405d-8dbc-4643-aaec-478c950d210f",
|
|
"indicator--5942405d-b95c-414f-b51e-47e3950d210f",
|
|
"indicator--5942405e-4c28-41da-9c1b-47e2950d210f",
|
|
"observed-data--5942405e-eab8-49cf-9421-40f6950d210f",
|
|
"network-traffic--5942405e-eab8-49cf-9421-40f6950d210f",
|
|
"ipv4-addr--5942405e-eab8-49cf-9421-40f6950d210f",
|
|
"indicator--59424060-759c-46b4-a91f-4d56950d210f",
|
|
"indicator--59424060-4cdc-4e42-9521-4e27950d210f",
|
|
"observed-data--59424062-9f1c-4a11-a5c2-48a9950d210f",
|
|
"network-traffic--59424062-9f1c-4a11-a5c2-48a9950d210f",
|
|
"ipv4-addr--59424062-9f1c-4a11-a5c2-48a9950d210f",
|
|
"indicator--59424062-cf10-45c7-8ae3-4a97950d210f",
|
|
"indicator--59424063-5758-4ea5-b972-44b7950d210f",
|
|
"observed-data--59424063-61ec-4093-ac64-458c950d210f",
|
|
"network-traffic--59424063-61ec-4093-ac64-458c950d210f",
|
|
"ipv4-addr--59424063-61ec-4093-ac64-458c950d210f",
|
|
"indicator--59424064-58dc-45ef-b91b-4329950d210f",
|
|
"indicator--59424065-9e74-4999-9205-41c0950d210f",
|
|
"observed-data--59424067-e7fc-4d7c-ba34-42c3950d210f",
|
|
"network-traffic--59424067-e7fc-4d7c-ba34-42c3950d210f",
|
|
"ipv4-addr--59424067-e7fc-4d7c-ba34-42c3950d210f",
|
|
"indicator--59424067-b3f8-48ac-b19c-49e0950d210f",
|
|
"indicator--59424068-2664-4575-8ef6-4d5d950d210f",
|
|
"observed-data--5942406a-3c28-42fb-888e-4ee7950d210f",
|
|
"network-traffic--5942406a-3c28-42fb-888e-4ee7950d210f",
|
|
"ipv4-addr--5942406a-3c28-42fb-888e-4ee7950d210f",
|
|
"indicator--5942406a-72d0-4cb8-ab8d-458b950d210f",
|
|
"indicator--5942406b-82c4-4540-8e9a-41d1950d210f",
|
|
"observed-data--5942406c-e5ac-4d6a-8047-44bb950d210f",
|
|
"network-traffic--5942406c-e5ac-4d6a-8047-44bb950d210f",
|
|
"ipv4-addr--5942406c-e5ac-4d6a-8047-44bb950d210f",
|
|
"indicator--5942406d-f43c-4729-833b-4e5e950d210f",
|
|
"indicator--5942406d-a1d0-4fb5-811c-49b3950d210f",
|
|
"observed-data--5942406e-89e8-4e9c-ae11-4a9e950d210f",
|
|
"network-traffic--5942406e-89e8-4e9c-ae11-4a9e950d210f",
|
|
"ipv4-addr--5942406e-89e8-4e9c-ae11-4a9e950d210f",
|
|
"indicator--5942406f-78e8-4983-a806-47a9950d210f",
|
|
"indicator--5942406f-e10c-4ec7-a218-4212950d210f",
|
|
"observed-data--59424070-0280-4854-ac61-45c5950d210f",
|
|
"network-traffic--59424070-0280-4854-ac61-45c5950d210f",
|
|
"ipv4-addr--59424070-0280-4854-ac61-45c5950d210f",
|
|
"indicator--59424071-6934-4071-9a5f-47f8950d210f",
|
|
"indicator--59424071-f10c-4652-b3bb-43eb950d210f",
|
|
"observed-data--59424072-7140-47af-a90a-4a6a950d210f",
|
|
"network-traffic--59424072-7140-47af-a90a-4a6a950d210f",
|
|
"ipv4-addr--59424072-7140-47af-a90a-4a6a950d210f",
|
|
"indicator--59424073-0e6c-45b4-a781-4b0d950d210f",
|
|
"indicator--59424074-ebf0-4b0f-9f28-46b9950d210f",
|
|
"observed-data--59424075-37fc-44e5-ac47-402b950d210f",
|
|
"network-traffic--59424075-37fc-44e5-ac47-402b950d210f",
|
|
"ipv4-addr--59424075-37fc-44e5-ac47-402b950d210f",
|
|
"indicator--59424075-83b0-4ee4-b46f-4a32950d210f",
|
|
"indicator--59424076-b33c-4a95-b932-4e00950d210f",
|
|
"observed-data--59424085-930c-450a-94b2-4399950d210f",
|
|
"network-traffic--59424085-930c-450a-94b2-4399950d210f",
|
|
"ipv4-addr--59424085-930c-450a-94b2-4399950d210f",
|
|
"indicator--59424086-4dcc-4e9a-9e65-4bea950d210f",
|
|
"indicator--59424087-bf6c-4229-954b-4255950d210f",
|
|
"observed-data--59424087-7430-4980-937f-4b23950d210f",
|
|
"network-traffic--59424087-7430-4980-937f-4b23950d210f",
|
|
"ipv4-addr--59424087-7430-4980-937f-4b23950d210f",
|
|
"indicator--59424088-6ac4-4e95-a3cd-46b2950d210f",
|
|
"indicator--59424089-f290-47c7-9c5e-4492950d210f",
|
|
"observed-data--5942408a-c65c-46ea-9dd5-4866950d210f",
|
|
"network-traffic--5942408a-c65c-46ea-9dd5-4866950d210f",
|
|
"ipv4-addr--5942408a-c65c-46ea-9dd5-4866950d210f",
|
|
"indicator--5942408a-91dc-4e6d-bb44-45bd950d210f",
|
|
"indicator--5942408b-77ac-4ff3-b93d-4ba5950d210f",
|
|
"observed-data--5942408c-a83c-485e-996d-47c5950d210f",
|
|
"network-traffic--5942408c-a83c-485e-996d-47c5950d210f",
|
|
"ipv4-addr--5942408c-a83c-485e-996d-47c5950d210f",
|
|
"indicator--5942408d-9d2c-4e3c-8102-4779950d210f",
|
|
"indicator--5942408e-d790-4796-8fca-4fd4950d210f",
|
|
"observed-data--5942408e-0f40-4de8-a77b-43d5950d210f",
|
|
"network-traffic--5942408e-0f40-4de8-a77b-43d5950d210f",
|
|
"ipv4-addr--5942408e-0f40-4de8-a77b-43d5950d210f",
|
|
"indicator--5942408f-be94-400c-a863-4d3e950d210f",
|
|
"indicator--5942408f-4de4-4e51-9f3d-4f03950d210f",
|
|
"observed-data--59424091-a76c-46ad-b3ef-4ac9950d210f",
|
|
"network-traffic--59424091-a76c-46ad-b3ef-4ac9950d210f",
|
|
"ipv4-addr--59424091-a76c-46ad-b3ef-4ac9950d210f",
|
|
"observed-data--59424091-db48-443f-aaa2-45ee950d210f",
|
|
"network-traffic--59424091-db48-443f-aaa2-45ee950d210f",
|
|
"ipv4-addr--59424091-db48-443f-aaa2-45ee950d210f",
|
|
"indicator--59424092-8990-4e65-b063-4095950d210f",
|
|
"indicator--59424093-bd04-4efa-bb59-4e78950d210f",
|
|
"observed-data--59424094-8340-46b9-a1bb-40c0950d210f",
|
|
"network-traffic--59424094-8340-46b9-a1bb-40c0950d210f",
|
|
"ipv4-addr--59424094-8340-46b9-a1bb-40c0950d210f",
|
|
"indicator--59424094-5160-474c-bd64-4805950d210f",
|
|
"indicator--59424095-f718-47f5-9a86-40f1950d210f",
|
|
"observed-data--59424095-4594-4197-b2bf-4e8e950d210f",
|
|
"network-traffic--59424095-4594-4197-b2bf-4e8e950d210f",
|
|
"ipv4-addr--59424095-4594-4197-b2bf-4e8e950d210f",
|
|
"indicator--59424096-1178-4c55-b0f7-4ea5950d210f",
|
|
"indicator--59424096-1788-43ed-9b8e-48e2950d210f",
|
|
"indicator--59424099-fa20-4461-96cf-4514950d210f",
|
|
"indicator--59424099-2e3c-4e79-8a4a-4533950d210f",
|
|
"observed-data--5942409a-36a4-4b33-b4e1-404f950d210f",
|
|
"network-traffic--5942409a-36a4-4b33-b4e1-404f950d210f",
|
|
"ipv4-addr--5942409a-36a4-4b33-b4e1-404f950d210f",
|
|
"indicator--5942409b-8688-4c8d-b6a9-4827950d210f",
|
|
"indicator--5942409b-8204-4572-b594-40e4950d210f",
|
|
"observed-data--5942409c-5b3c-4eea-b763-473b950d210f",
|
|
"network-traffic--5942409c-5b3c-4eea-b763-473b950d210f",
|
|
"ipv4-addr--5942409c-5b3c-4eea-b763-473b950d210f",
|
|
"indicator--5942409d-50e8-41a6-8966-446e950d210f",
|
|
"indicator--5942409d-5698-431f-b983-4dd6950d210f",
|
|
"observed-data--5942409f-3674-4f7f-97ae-4d64950d210f",
|
|
"network-traffic--5942409f-3674-4f7f-97ae-4d64950d210f",
|
|
"ipv4-addr--5942409f-3674-4f7f-97ae-4d64950d210f",
|
|
"indicator--594240a0-1c34-4548-95b7-4fca950d210f",
|
|
"indicator--594240a0-b8a4-4eb3-9327-4b84950d210f",
|
|
"observed-data--594240a1-5f10-4747-b1b9-4af8950d210f",
|
|
"network-traffic--594240a1-5f10-4747-b1b9-4af8950d210f",
|
|
"ipv4-addr--594240a1-5f10-4747-b1b9-4af8950d210f",
|
|
"indicator--594240a1-87e0-4301-8878-4bf3950d210f",
|
|
"indicator--594240a2-0064-4fc8-a206-4887950d210f",
|
|
"observed-data--594240a2-b31c-4ce2-afcc-45b9950d210f",
|
|
"network-traffic--594240a2-b31c-4ce2-afcc-45b9950d210f",
|
|
"ipv4-addr--594240a2-b31c-4ce2-afcc-45b9950d210f",
|
|
"indicator--594240a3-e370-4d75-9e80-4f23950d210f",
|
|
"indicator--594240a3-dd3c-404f-a4cd-44a0950d210f",
|
|
"observed-data--594240a4-97c0-4202-866c-414b950d210f",
|
|
"network-traffic--594240a4-97c0-4202-866c-414b950d210f",
|
|
"ipv4-addr--594240a4-97c0-4202-866c-414b950d210f",
|
|
"indicator--594240a5-e9d8-4d3c-ad44-41c2950d210f",
|
|
"indicator--594240a5-f158-4905-a3ea-4cf4950d210f",
|
|
"observed-data--594240a6-e3cc-40b0-ac41-4e3c950d210f",
|
|
"network-traffic--594240a6-e3cc-40b0-ac41-4e3c950d210f",
|
|
"ipv4-addr--594240a6-e3cc-40b0-ac41-4e3c950d210f",
|
|
"indicator--594240a7-7fb0-4c98-92cc-4499950d210f",
|
|
"indicator--594240a7-80b4-46b4-ac37-492c950d210f",
|
|
"observed-data--594240a8-1a9c-4a9b-a824-4318950d210f",
|
|
"network-traffic--594240a8-1a9c-4a9b-a824-4318950d210f",
|
|
"ipv4-addr--594240a8-1a9c-4a9b-a824-4318950d210f",
|
|
"indicator--594240a8-bf6c-44cf-9d53-4a2b950d210f",
|
|
"indicator--594240a9-79d8-4572-8546-4645950d210f",
|
|
"observed-data--594240aa-72c4-4792-9572-43ab950d210f",
|
|
"network-traffic--594240aa-72c4-4792-9572-43ab950d210f",
|
|
"ipv4-addr--594240aa-72c4-4792-9572-43ab950d210f",
|
|
"observed-data--594240aa-8504-4387-8887-4321950d210f",
|
|
"network-traffic--594240aa-8504-4387-8887-4321950d210f",
|
|
"ipv4-addr--594240aa-8504-4387-8887-4321950d210f",
|
|
"indicator--594240ab-35c8-496c-a3fa-49bd950d210f",
|
|
"indicator--594240ab-ce48-4ca9-a65b-437e950d210f",
|
|
"observed-data--594240ac-3fc0-4aa3-acd0-406b950d210f",
|
|
"network-traffic--594240ac-3fc0-4aa3-acd0-406b950d210f",
|
|
"ipv4-addr--594240ac-3fc0-4aa3-acd0-406b950d210f",
|
|
"observed-data--594240b6-5998-4d5d-a05d-425f950d210f",
|
|
"network-traffic--594240b6-5998-4d5d-a05d-425f950d210f",
|
|
"ipv4-addr--594240b6-5998-4d5d-a05d-425f950d210f",
|
|
"observed-data--594240b7-d70c-4c95-8a82-48db950d210f",
|
|
"network-traffic--594240b7-d70c-4c95-8a82-48db950d210f",
|
|
"ipv4-addr--594240b7-d70c-4c95-8a82-48db950d210f",
|
|
"observed-data--594240b8-51ec-45fa-bb6f-4a86950d210f",
|
|
"network-traffic--594240b8-51ec-45fa-bb6f-4a86950d210f",
|
|
"ipv4-addr--594240b8-51ec-45fa-bb6f-4a86950d210f",
|
|
"observed-data--594240b9-4670-4f0d-b8ee-44b4950d210f",
|
|
"network-traffic--594240b9-4670-4f0d-b8ee-44b4950d210f",
|
|
"ipv4-addr--594240b9-4670-4f0d-b8ee-44b4950d210f",
|
|
"observed-data--594240bb-0114-4f12-9306-42ff950d210f",
|
|
"network-traffic--594240bb-0114-4f12-9306-42ff950d210f",
|
|
"ipv4-addr--594240bb-0114-4f12-9306-42ff950d210f",
|
|
"observed-data--594240bc-3770-49f0-8edc-424a950d210f",
|
|
"network-traffic--594240bc-3770-49f0-8edc-424a950d210f",
|
|
"ipv4-addr--594240bc-3770-49f0-8edc-424a950d210f",
|
|
"observed-data--594240be-7854-41ad-b8cd-4a0d950d210f",
|
|
"network-traffic--594240be-7854-41ad-b8cd-4a0d950d210f",
|
|
"ipv4-addr--594240be-7854-41ad-b8cd-4a0d950d210f",
|
|
"observed-data--594240bf-253c-4293-8a4b-4a6e950d210f",
|
|
"network-traffic--594240bf-253c-4293-8a4b-4a6e950d210f",
|
|
"ipv4-addr--594240bf-253c-4293-8a4b-4a6e950d210f",
|
|
"observed-data--594240c0-6cf0-4c49-98da-4add950d210f",
|
|
"network-traffic--594240c0-6cf0-4c49-98da-4add950d210f",
|
|
"ipv4-addr--594240c0-6cf0-4c49-98da-4add950d210f",
|
|
"observed-data--594240c1-fb6c-4126-a829-459b950d210f",
|
|
"network-traffic--594240c1-fb6c-4126-a829-459b950d210f",
|
|
"ipv4-addr--594240c1-fb6c-4126-a829-459b950d210f",
|
|
"observed-data--594240c2-2a28-4b54-9ddd-4016950d210f",
|
|
"network-traffic--594240c2-2a28-4b54-9ddd-4016950d210f",
|
|
"ipv4-addr--594240c2-2a28-4b54-9ddd-4016950d210f",
|
|
"observed-data--594240c3-5a38-4e9d-ae62-472c950d210f",
|
|
"network-traffic--594240c3-5a38-4e9d-ae62-472c950d210f",
|
|
"ipv4-addr--594240c3-5a38-4e9d-ae62-472c950d210f",
|
|
"observed-data--594240c5-9d60-4ea5-b780-4d12950d210f",
|
|
"network-traffic--594240c5-9d60-4ea5-b780-4d12950d210f",
|
|
"ipv4-addr--594240c5-9d60-4ea5-b780-4d12950d210f",
|
|
"observed-data--594240c7-4c34-41eb-94bd-4229950d210f",
|
|
"network-traffic--594240c7-4c34-41eb-94bd-4229950d210f",
|
|
"ipv4-addr--594240c7-4c34-41eb-94bd-4229950d210f",
|
|
"observed-data--594240c8-3eb4-4949-8ee3-42b7950d210f",
|
|
"network-traffic--594240c8-3eb4-4949-8ee3-42b7950d210f",
|
|
"ipv4-addr--594240c8-3eb4-4949-8ee3-42b7950d210f",
|
|
"observed-data--594240c9-d840-4054-b65a-4044950d210f",
|
|
"network-traffic--594240c9-d840-4054-b65a-4044950d210f",
|
|
"ipv4-addr--594240c9-d840-4054-b65a-4044950d210f",
|
|
"observed-data--594240ca-dc70-44b4-90f5-4235950d210f",
|
|
"network-traffic--594240ca-dc70-44b4-90f5-4235950d210f",
|
|
"ipv4-addr--594240ca-dc70-44b4-90f5-4235950d210f",
|
|
"observed-data--594240cb-8f80-482e-ad3d-470f950d210f",
|
|
"network-traffic--594240cb-8f80-482e-ad3d-470f950d210f",
|
|
"ipv4-addr--594240cb-8f80-482e-ad3d-470f950d210f",
|
|
"observed-data--594240cd-103c-47c8-931a-480b950d210f",
|
|
"network-traffic--594240cd-103c-47c8-931a-480b950d210f",
|
|
"ipv4-addr--594240cd-103c-47c8-931a-480b950d210f",
|
|
"observed-data--594240ce-affc-4cbd-973e-4741950d210f",
|
|
"network-traffic--594240ce-affc-4cbd-973e-4741950d210f",
|
|
"ipv4-addr--594240ce-affc-4cbd-973e-4741950d210f",
|
|
"observed-data--594240cf-fff4-4940-83e2-47c0950d210f",
|
|
"network-traffic--594240cf-fff4-4940-83e2-47c0950d210f",
|
|
"ipv4-addr--594240cf-fff4-4940-83e2-47c0950d210f",
|
|
"observed-data--594240d1-f014-473a-8ce8-4035950d210f",
|
|
"network-traffic--594240d1-f014-473a-8ce8-4035950d210f",
|
|
"ipv4-addr--594240d1-f014-473a-8ce8-4035950d210f",
|
|
"observed-data--594240d2-1798-414c-88b2-4742950d210f",
|
|
"network-traffic--594240d2-1798-414c-88b2-4742950d210f",
|
|
"ipv4-addr--594240d2-1798-414c-88b2-4742950d210f",
|
|
"observed-data--594240d3-c6bc-4059-8c10-499e950d210f",
|
|
"network-traffic--594240d3-c6bc-4059-8c10-499e950d210f",
|
|
"ipv4-addr--594240d3-c6bc-4059-8c10-499e950d210f",
|
|
"observed-data--594240d4-8398-48bc-814f-4397950d210f",
|
|
"network-traffic--594240d4-8398-48bc-814f-4397950d210f",
|
|
"ipv4-addr--594240d4-8398-48bc-814f-4397950d210f",
|
|
"indicator--5943be8b-4ee8-4387-85a5-40dc02de0b81",
|
|
"indicator--5943be8c-65a8-4a55-a531-42e802de0b81",
|
|
"observed-data--5943be8c-679c-460c-9ed8-4d2602de0b81",
|
|
"url--5943be8c-679c-460c-9ed8-4d2602de0b81",
|
|
"indicator--5943be8d-0560-4544-b026-458302de0b81",
|
|
"indicator--5943be8d-3a44-47d7-8c4b-497802de0b81",
|
|
"observed-data--5943be8e-dab4-4b61-8a91-4a7b02de0b81",
|
|
"url--5943be8e-dab4-4b61-8a91-4a7b02de0b81"
|
|
],
|
|
"labels": [
|
|
"Threat-Report",
|
|
"misp:tool=\"MISP-STIX-Converter\""
|
|
],
|
|
"object_marking_refs": [
|
|
"marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9"
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5942404f-66b8-49dc-bb86-4344950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[file:hashes.MD5 = '4dc2e516738d5495fd927287a971489c']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5942404f-6a74-4a74-9caa-4750950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[file:hashes.MD5 = '72d0b64233735fd25bff272d94b82333']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Artifacts dropped"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"md5\"",
|
|
"misp:category=\"Artifacts dropped\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59424050-f328-4887-bff5-4104950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[url:value = 'http://3456group.com/98tf77b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59424050-64e8-45cd-9ca1-494c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[domain-name:value = '3456group.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59424051-8494-4061-9482-4e34950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59424051-8494-4061-9482-4e34950d210f",
|
|
"ipv4-addr--59424051-8494-4061-9482-4e34950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59424051-8494-4061-9482-4e34950d210f",
|
|
"dst_ref": "ipv4-addr--59424051-8494-4061-9482-4e34950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59424051-8494-4061-9482-4e34950d210f",
|
|
"value": "69.49.96.24"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59424052-bec4-4849-991b-4c9d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[url:value = 'http://360photoservice.ca/98tf77b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59424052-7970-4e58-9011-45c1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[domain-name:value = '360photoservice.ca']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59424053-3cf4-4a6d-b5a7-4d97950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59424053-3cf4-4a6d-b5a7-4d97950d210f",
|
|
"ipv4-addr--59424053-3cf4-4a6d-b5a7-4d97950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59424053-3cf4-4a6d-b5a7-4d97950d210f",
|
|
"dst_ref": "ipv4-addr--59424053-3cf4-4a6d-b5a7-4d97950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59424053-3cf4-4a6d-b5a7-4d97950d210f",
|
|
"value": "69.28.199.160"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59424053-3e80-4365-907c-4226950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[url:value = 'http://52aika.com/98tf77b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59424054-46dc-40d7-8e68-4786950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[domain-name:value = '52aika.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59424055-e474-4fb7-a2d4-4ff3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59424055-e474-4fb7-a2d4-4ff3950d210f",
|
|
"ipv4-addr--59424055-e474-4fb7-a2d4-4ff3950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59424055-e474-4fb7-a2d4-4ff3950d210f",
|
|
"dst_ref": "ipv4-addr--59424055-e474-4fb7-a2d4-4ff3950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59424055-e474-4fb7-a2d4-4ff3950d210f",
|
|
"value": "14.152.90.146"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59424056-0cb0-4cce-9a52-4d4a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[url:value = 'http://56530006.com/98tf77b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59424056-10c4-4c33-9a04-486f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[domain-name:value = '56530006.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59424058-7668-4232-83fa-4039950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59424058-7668-4232-83fa-4039950d210f",
|
|
"ipv4-addr--59424058-7668-4232-83fa-4039950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59424058-7668-4232-83fa-4039950d210f",
|
|
"dst_ref": "ipv4-addr--59424058-7668-4232-83fa-4039950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59424058-7668-4232-83fa-4039950d210f",
|
|
"value": "43.240.14.235"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59424059-2e90-44bd-b306-4414950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[url:value = 'http://78tguyc876wwirglmltm.net/af/98tf77b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59424059-0790-4ee9-ae13-4a8d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[domain-name:value = '78tguyc876wwirglmltm.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5942405b-caa8-4f47-a2d2-4f9b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5942405b-caa8-4f47-a2d2-4f9b950d210f",
|
|
"ipv4-addr--5942405b-caa8-4f47-a2d2-4f9b950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5942405b-caa8-4f47-a2d2-4f9b950d210f",
|
|
"dst_ref": "ipv4-addr--5942405b-caa8-4f47-a2d2-4f9b950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5942405b-caa8-4f47-a2d2-4f9b950d210f",
|
|
"value": "119.28.85.128"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5942405c-f7ac-4c16-b857-4872950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[url:value = 'http://aimtravel.pl/98tf77b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5942405c-4ca0-46ce-97d0-4448950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[domain-name:value = 'aimtravel.pl']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5942405d-8dbc-4643-aaec-478c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5942405d-8dbc-4643-aaec-478c950d210f",
|
|
"ipv4-addr--5942405d-8dbc-4643-aaec-478c950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5942405d-8dbc-4643-aaec-478c950d210f",
|
|
"dst_ref": "ipv4-addr--5942405d-8dbc-4643-aaec-478c950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5942405d-8dbc-4643-aaec-478c950d210f",
|
|
"value": "95.211.144.65"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5942405d-b95c-414f-b51e-47e3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[url:value = 'http://altisso.pl/98tf77b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5942405e-4c28-41da-9c1b-47e2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[domain-name:value = 'altisso.pl']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5942405e-eab8-49cf-9421-40f6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5942405e-eab8-49cf-9421-40f6950d210f",
|
|
"ipv4-addr--5942405e-eab8-49cf-9421-40f6950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5942405e-eab8-49cf-9421-40f6950d210f",
|
|
"dst_ref": "ipv4-addr--5942405e-eab8-49cf-9421-40f6950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5942405e-eab8-49cf-9421-40f6950d210f",
|
|
"value": "136.243.50.2"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59424060-759c-46b4-a91f-4d56950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[url:value = 'http://aoertong.com/98tf77b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59424060-4cdc-4e42-9521-4e27950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[domain-name:value = 'aoertong.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59424062-9f1c-4a11-a5c2-48a9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59424062-9f1c-4a11-a5c2-48a9950d210f",
|
|
"ipv4-addr--59424062-9f1c-4a11-a5c2-48a9950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59424062-9f1c-4a11-a5c2-48a9950d210f",
|
|
"dst_ref": "ipv4-addr--59424062-9f1c-4a11-a5c2-48a9950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59424062-9f1c-4a11-a5c2-48a9950d210f",
|
|
"value": "43.225.44.151"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59424062-cf10-45c7-8ae3-4a97950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[url:value = 'http://apagmar.pl/98tf77b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59424063-5758-4ea5-b972-44b7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[domain-name:value = 'apagmar.pl']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59424063-61ec-4093-ac64-458c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59424063-61ec-4093-ac64-458c950d210f",
|
|
"ipv4-addr--59424063-61ec-4093-ac64-458c950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59424063-61ec-4093-ac64-458c950d210f",
|
|
"dst_ref": "ipv4-addr--59424063-61ec-4093-ac64-458c950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59424063-61ec-4093-ac64-458c950d210f",
|
|
"value": "148.251.10.145"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59424064-58dc-45ef-b91b-4329950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[url:value = 'http://canhoreal.com/98tf77b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59424065-9e74-4999-9205-41c0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[domain-name:value = 'canhoreal.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59424067-e7fc-4d7c-ba34-42c3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59424067-e7fc-4d7c-ba34-42c3950d210f",
|
|
"ipv4-addr--59424067-e7fc-4d7c-ba34-42c3950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59424067-e7fc-4d7c-ba34-42c3950d210f",
|
|
"dst_ref": "ipv4-addr--59424067-e7fc-4d7c-ba34-42c3950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59424067-e7fc-4d7c-ba34-42c3950d210f",
|
|
"value": "103.18.4.204"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59424067-b3f8-48ac-b19c-49e0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[url:value = 'http://cclimoji.com/98tf77b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59424068-2664-4575-8ef6-4d5d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[domain-name:value = 'cclimoji.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5942406a-3c28-42fb-888e-4ee7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5942406a-3c28-42fb-888e-4ee7950d210f",
|
|
"ipv4-addr--5942406a-3c28-42fb-888e-4ee7950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5942406a-3c28-42fb-888e-4ee7950d210f",
|
|
"dst_ref": "ipv4-addr--5942406a-3c28-42fb-888e-4ee7950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5942406a-3c28-42fb-888e-4ee7950d210f",
|
|
"value": "120.25.251.140"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5942406a-72d0-4cb8-ab8d-458b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[url:value = 'http://cintasuci.com/98tf77b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5942406b-82c4-4540-8e9a-41d1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[domain-name:value = 'cintasuci.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5942406c-e5ac-4d6a-8047-44bb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5942406c-e5ac-4d6a-8047-44bb950d210f",
|
|
"ipv4-addr--5942406c-e5ac-4d6a-8047-44bb950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5942406c-e5ac-4d6a-8047-44bb950d210f",
|
|
"dst_ref": "ipv4-addr--5942406c-e5ac-4d6a-8047-44bb950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5942406c-e5ac-4d6a-8047-44bb950d210f",
|
|
"value": "174.120.70.145"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5942406d-f43c-4729-833b-4e5e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[url:value = 'http://comfuture-web.com/98tf77b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5942406d-a1d0-4fb5-811c-49b3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[domain-name:value = 'comfuture-web.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5942406e-89e8-4e9c-ae11-4a9e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5942406e-89e8-4e9c-ae11-4a9e950d210f",
|
|
"ipv4-addr--5942406e-89e8-4e9c-ae11-4a9e950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5942406e-89e8-4e9c-ae11-4a9e950d210f",
|
|
"dst_ref": "ipv4-addr--5942406e-89e8-4e9c-ae11-4a9e950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5942406e-89e8-4e9c-ae11-4a9e950d210f",
|
|
"value": "79.133.207.76"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5942406f-78e8-4983-a806-47a9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[url:value = 'http://common-logic.org/98tf77b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5942406f-e10c-4ec7-a218-4212950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[domain-name:value = 'common-logic.org']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59424070-0280-4854-ac61-45c5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59424070-0280-4854-ac61-45c5950d210f",
|
|
"ipv4-addr--59424070-0280-4854-ac61-45c5950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59424070-0280-4854-ac61-45c5950d210f",
|
|
"dst_ref": "ipv4-addr--59424070-0280-4854-ac61-45c5950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59424070-0280-4854-ac61-45c5950d210f",
|
|
"value": "192.185.129.71"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59424071-6934-4071-9a5f-47f8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[url:value = 'http://contentbiz.net/98tf77b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59424071-f10c-4652-b3bb-43eb950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[domain-name:value = 'contentbiz.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59424072-7140-47af-a90a-4a6a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59424072-7140-47af-a90a-4a6a950d210f",
|
|
"ipv4-addr--59424072-7140-47af-a90a-4a6a950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59424072-7140-47af-a90a-4a6a950d210f",
|
|
"dst_ref": "ipv4-addr--59424072-7140-47af-a90a-4a6a950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59424072-7140-47af-a90a-4a6a950d210f",
|
|
"value": "119.59.97.123"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59424073-0e6c-45b4-a781-4b0d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[url:value = 'http://ctinfotech.com/98tf77b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59424074-ebf0-4b0f-9f28-46b9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[domain-name:value = 'ctinfotech.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59424075-37fc-44e5-ac47-402b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59424075-37fc-44e5-ac47-402b950d210f",
|
|
"ipv4-addr--59424075-37fc-44e5-ac47-402b950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59424075-37fc-44e5-ac47-402b950d210f",
|
|
"dst_ref": "ipv4-addr--59424075-37fc-44e5-ac47-402b950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59424075-37fc-44e5-ac47-402b950d210f",
|
|
"value": "103.53.43.40"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59424075-83b0-4ee4-b46f-4a32950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[url:value = 'http://lmlstaoci.com/98tf77b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59424076-b33c-4a95-b932-4e00950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[domain-name:value = 'lmlstaoci.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59424085-930c-450a-94b2-4399950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59424085-930c-450a-94b2-4399950d210f",
|
|
"ipv4-addr--59424085-930c-450a-94b2-4399950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59424085-930c-450a-94b2-4399950d210f",
|
|
"dst_ref": "ipv4-addr--59424085-930c-450a-94b2-4399950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59424085-930c-450a-94b2-4399950d210f",
|
|
"value": "209.141.50.122"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59424086-4dcc-4e9a-9e65-4bea950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[url:value = 'http://loantm.com/98tf77b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59424087-bf6c-4229-954b-4255950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[domain-name:value = 'loantm.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59424087-7430-4980-937f-4b23950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59424087-7430-4980-937f-4b23950d210f",
|
|
"ipv4-addr--59424087-7430-4980-937f-4b23950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59424087-7430-4980-937f-4b23950d210f",
|
|
"dst_ref": "ipv4-addr--59424087-7430-4980-937f-4b23950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59424087-7430-4980-937f-4b23950d210f",
|
|
"value": "162.215.253.74"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59424088-6ac4-4e95-a3cd-46b2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[url:value = 'http://mahovik-bg.com/98tf77b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59424089-f290-47c7-9c5e-4492950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[domain-name:value = 'mahovik-bg.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5942408a-c65c-46ea-9dd5-4866950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5942408a-c65c-46ea-9dd5-4866950d210f",
|
|
"ipv4-addr--5942408a-c65c-46ea-9dd5-4866950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5942408a-c65c-46ea-9dd5-4866950d210f",
|
|
"dst_ref": "ipv4-addr--5942408a-c65c-46ea-9dd5-4866950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5942408a-c65c-46ea-9dd5-4866950d210f",
|
|
"value": "92.43.113.68"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5942408a-91dc-4e6d-bb44-45bd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[url:value = 'http://mailblust.com/98tf77b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5942408b-77ac-4ff3-b93d-4ba5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[domain-name:value = 'mailblust.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5942408c-a83c-485e-996d-47c5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5942408c-a83c-485e-996d-47c5950d210f",
|
|
"ipv4-addr--5942408c-a83c-485e-996d-47c5950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5942408c-a83c-485e-996d-47c5950d210f",
|
|
"dst_ref": "ipv4-addr--5942408c-a83c-485e-996d-47c5950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5942408c-a83c-485e-996d-47c5950d210f",
|
|
"value": "162.251.85.92"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5942408d-9d2c-4e3c-8102-4779950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[url:value = 'http://milchdieb.com/98tf77b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5942408e-d790-4796-8fca-4fd4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[domain-name:value = 'milchdieb.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5942408e-0f40-4de8-a77b-43d5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5942408e-0f40-4de8-a77b-43d5950d210f",
|
|
"ipv4-addr--5942408e-0f40-4de8-a77b-43d5950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5942408e-0f40-4de8-a77b-43d5950d210f",
|
|
"dst_ref": "ipv4-addr--5942408e-0f40-4de8-a77b-43d5950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5942408e-0f40-4de8-a77b-43d5950d210f",
|
|
"value": "81.169.145.84"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5942408f-be94-400c-a863-4d3e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[url:value = 'http://mochacat.net/98tf77b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5942408f-4de4-4e51-9f3d-4f03950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[domain-name:value = 'mochacat.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59424091-a76c-46ad-b3ef-4ac9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59424091-a76c-46ad-b3ef-4ac9950d210f",
|
|
"ipv4-addr--59424091-a76c-46ad-b3ef-4ac9950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59424091-a76c-46ad-b3ef-4ac9950d210f",
|
|
"dst_ref": "ipv4-addr--59424091-a76c-46ad-b3ef-4ac9950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59424091-a76c-46ad-b3ef-4ac9950d210f",
|
|
"value": "49.212.150.106"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59424091-db48-443f-aaa2-45ee950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59424091-db48-443f-aaa2-45ee950d210f",
|
|
"ipv4-addr--59424091-db48-443f-aaa2-45ee950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59424091-db48-443f-aaa2-45ee950d210f",
|
|
"dst_ref": "ipv4-addr--59424091-db48-443f-aaa2-45ee950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59424091-db48-443f-aaa2-45ee950d210f",
|
|
"value": "183.181.26.10"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59424092-8990-4e65-b063-4095950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[url:value = 'http://myhiddentreasures.com/98tf77b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59424093-bd04-4efa-bb59-4e78950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[domain-name:value = 'myhiddentreasures.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59424094-8340-46b9-a1bb-40c0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59424094-8340-46b9-a1bb-40c0950d210f",
|
|
"ipv4-addr--59424094-8340-46b9-a1bb-40c0950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59424094-8340-46b9-a1bb-40c0950d210f",
|
|
"dst_ref": "ipv4-addr--59424094-8340-46b9-a1bb-40c0950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59424094-8340-46b9-a1bb-40c0950d210f",
|
|
"value": "131.153.37.2"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59424094-5160-474c-bd64-4805950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[url:value = 'http://myxos.be/98tf77b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59424095-f718-47f5-9a86-40f1950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[domain-name:value = 'myxos.be']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--59424095-4594-4197-b2bf-4e8e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--59424095-4594-4197-b2bf-4e8e950d210f",
|
|
"ipv4-addr--59424095-4594-4197-b2bf-4e8e950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--59424095-4594-4197-b2bf-4e8e950d210f",
|
|
"dst_ref": "ipv4-addr--59424095-4594-4197-b2bf-4e8e950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--59424095-4594-4197-b2bf-4e8e950d210f",
|
|
"value": "92.48.206.18"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59424096-1178-4c55-b0f7-4ea5950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[url:value = 'http://randomessstioprottoy.net/af/98tf77b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59424096-1788-43ed-9b8e-48e2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[domain-name:value = 'randomessstioprottoy.net']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59424099-fa20-4461-96cf-4514950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[url:value = 'http://sandat-bali.com/98tf77b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--59424099-2e3c-4e79-8a4a-4533950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[domain-name:value = 'sandat-bali.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5942409a-36a4-4b33-b4e1-404f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5942409a-36a4-4b33-b4e1-404f950d210f",
|
|
"ipv4-addr--5942409a-36a4-4b33-b4e1-404f950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5942409a-36a4-4b33-b4e1-404f950d210f",
|
|
"dst_ref": "ipv4-addr--5942409a-36a4-4b33-b4e1-404f950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5942409a-36a4-4b33-b4e1-404f950d210f",
|
|
"value": "219.83.68.91"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5942409b-8688-4c8d-b6a9-4827950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[url:value = 'http://sharuindustries.com/98tf77b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5942409b-8204-4572-b594-40e4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[domain-name:value = 'sharuindustries.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5942409c-5b3c-4eea-b763-473b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5942409c-5b3c-4eea-b763-473b950d210f",
|
|
"ipv4-addr--5942409c-5b3c-4eea-b763-473b950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5942409c-5b3c-4eea-b763-473b950d210f",
|
|
"dst_ref": "ipv4-addr--5942409c-5b3c-4eea-b763-473b950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5942409c-5b3c-4eea-b763-473b950d210f",
|
|
"value": "103.21.59.25"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5942409d-50e8-41a6-8966-446e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[url:value = 'http://sieuthionline.com/98tf77b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--5942409d-5698-431f-b983-4dd6950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[domain-name:value = 'sieuthionline.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--5942409f-3674-4f7f-97ae-4d64950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--5942409f-3674-4f7f-97ae-4d64950d210f",
|
|
"ipv4-addr--5942409f-3674-4f7f-97ae-4d64950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--5942409f-3674-4f7f-97ae-4d64950d210f",
|
|
"dst_ref": "ipv4-addr--5942409f-3674-4f7f-97ae-4d64950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--5942409f-3674-4f7f-97ae-4d64950d210f",
|
|
"value": "27.0.15.26"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594240a0-1c34-4548-95b7-4fca950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[url:value = 'http://skyfling.com/98tf77b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594240a0-b8a4-4eb3-9327-4b84950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[domain-name:value = 'skyfling.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594240a1-5f10-4747-b1b9-4af8950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594240a1-5f10-4747-b1b9-4af8950d210f",
|
|
"ipv4-addr--594240a1-5f10-4747-b1b9-4af8950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594240a1-5f10-4747-b1b9-4af8950d210f",
|
|
"dst_ref": "ipv4-addr--594240a1-5f10-4747-b1b9-4af8950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594240a1-5f10-4747-b1b9-4af8950d210f",
|
|
"value": "103.53.42.51"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594240a1-87e0-4301-8878-4bf3950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[url:value = 'http://sll9.com/98tf77b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594240a2-0064-4fc8-a206-4887950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[domain-name:value = 'sll9.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594240a2-b31c-4ce2-afcc-45b9950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594240a2-b31c-4ce2-afcc-45b9950d210f",
|
|
"ipv4-addr--594240a2-b31c-4ce2-afcc-45b9950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594240a2-b31c-4ce2-afcc-45b9950d210f",
|
|
"dst_ref": "ipv4-addr--594240a2-b31c-4ce2-afcc-45b9950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594240a2-b31c-4ce2-afcc-45b9950d210f",
|
|
"value": "23.94.215.117"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594240a3-e370-4d75-9e80-4f23950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[url:value = 'http://snnftp.com/98tf77b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594240a3-dd3c-404f-a4cd-44a0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[domain-name:value = 'snnftp.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594240a4-97c0-4202-866c-414b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594240a4-97c0-4202-866c-414b950d210f",
|
|
"ipv4-addr--594240a4-97c0-4202-866c-414b950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594240a4-97c0-4202-866c-414b950d210f",
|
|
"dst_ref": "ipv4-addr--594240a4-97c0-4202-866c-414b950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594240a4-97c0-4202-866c-414b950d210f",
|
|
"value": "162.144.146.80"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594240a5-e9d8-4d3c-ad44-41c2950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[url:value = 'http://somersetautotints.co.uk/98tf77b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594240a5-f158-4905-a3ea-4cf4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[domain-name:value = 'somersetautotints.co.uk']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594240a6-e3cc-40b0-ac41-4e3c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594240a6-e3cc-40b0-ac41-4e3c950d210f",
|
|
"ipv4-addr--594240a6-e3cc-40b0-ac41-4e3c950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594240a6-e3cc-40b0-ac41-4e3c950d210f",
|
|
"dst_ref": "ipv4-addr--594240a6-e3cc-40b0-ac41-4e3c950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594240a6-e3cc-40b0-ac41-4e3c950d210f",
|
|
"value": "5.133.180.146"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594240a7-7fb0-4c98-92cc-4499950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[url:value = 'http://surfmohammedia.ueuo.com/98tf77b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594240a7-80b4-46b4-ac37-492c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[domain-name:value = 'surfmohammedia.ueuo.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594240a8-1a9c-4a9b-a824-4318950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594240a8-1a9c-4a9b-a824-4318950d210f",
|
|
"ipv4-addr--594240a8-1a9c-4a9b-a824-4318950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594240a8-1a9c-4a9b-a824-4318950d210f",
|
|
"dst_ref": "ipv4-addr--594240a8-1a9c-4a9b-a824-4318950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594240a8-1a9c-4a9b-a824-4318950d210f",
|
|
"value": "10.6.139.112"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594240a8-bf6c-44cf-9d53-4a2b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[url:value = 'http://www.montostroj.eu/98tf77b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594240a9-79d8-4572-8546-4645950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[domain-name:value = 'www.montostroj.eu']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594240aa-72c4-4792-9572-43ab950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594240aa-72c4-4792-9572-43ab950d210f",
|
|
"ipv4-addr--594240aa-72c4-4792-9572-43ab950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594240aa-72c4-4792-9572-43ab950d210f",
|
|
"dst_ref": "ipv4-addr--594240aa-72c4-4792-9572-43ab950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594240aa-72c4-4792-9572-43ab950d210f",
|
|
"value": "195.168.1.32"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594240aa-8504-4387-8887-4321950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594240aa-8504-4387-8887-4321950d210f",
|
|
"ipv4-addr--594240aa-8504-4387-8887-4321950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594240aa-8504-4387-8887-4321950d210f",
|
|
"dst_ref": "ipv4-addr--594240aa-8504-4387-8887-4321950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594240aa-8504-4387-8887-4321950d210f",
|
|
"value": "195.168.1.33"
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594240ab-35c8-496c-a3fa-49bd950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[url:value = 'http://xiandefood.com/98tf77b']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"url\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "indicator",
|
|
"spec_version": "2.1",
|
|
"id": "indicator--594240ab-ce48-4ca9-a65b-437e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"pattern": "[domain-name:value = 'xiandefood.com']",
|
|
"pattern_type": "stix",
|
|
"pattern_version": "2.1",
|
|
"valid_from": "2017-06-16T11:17:18Z",
|
|
"kill_chain_phases": [
|
|
{
|
|
"kill_chain_name": "misp-category",
|
|
"phase_name": "Network activity"
|
|
}
|
|
],
|
|
"labels": [
|
|
"misp:type=\"hostname\"",
|
|
"misp:category=\"Network activity\"",
|
|
"misp:to_ids=\"True\""
|
|
]
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594240ac-3fc0-4aa3-acd0-406b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594240ac-3fc0-4aa3-acd0-406b950d210f",
|
|
"ipv4-addr--594240ac-3fc0-4aa3-acd0-406b950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594240ac-3fc0-4aa3-acd0-406b950d210f",
|
|
"dst_ref": "ipv4-addr--594240ac-3fc0-4aa3-acd0-406b950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594240ac-3fc0-4aa3-acd0-406b950d210f",
|
|
"value": "119.10.50.116"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594240b6-5998-4d5d-a05d-425f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594240b6-5998-4d5d-a05d-425f950d210f",
|
|
"ipv4-addr--594240b6-5998-4d5d-a05d-425f950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594240b6-5998-4d5d-a05d-425f950d210f",
|
|
"dst_ref": "ipv4-addr--594240b6-5998-4d5d-a05d-425f950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594240b6-5998-4d5d-a05d-425f950d210f",
|
|
"value": "94.140.121.173"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594240b7-d70c-4c95-8a82-48db950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594240b7-d70c-4c95-8a82-48db950d210f",
|
|
"ipv4-addr--594240b7-d70c-4c95-8a82-48db950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594240b7-d70c-4c95-8a82-48db950d210f",
|
|
"dst_ref": "ipv4-addr--594240b7-d70c-4c95-8a82-48db950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594240b7-d70c-4c95-8a82-48db950d210f",
|
|
"value": "151.80.84.2"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594240b8-51ec-45fa-bb6f-4a86950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594240b8-51ec-45fa-bb6f-4a86950d210f",
|
|
"ipv4-addr--594240b8-51ec-45fa-bb6f-4a86950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594240b8-51ec-45fa-bb6f-4a86950d210f",
|
|
"dst_ref": "ipv4-addr--594240b8-51ec-45fa-bb6f-4a86950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594240b8-51ec-45fa-bb6f-4a86950d210f",
|
|
"value": "194.87.238.129"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594240b9-4670-4f0d-b8ee-44b4950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594240b9-4670-4f0d-b8ee-44b4950d210f",
|
|
"ipv4-addr--594240b9-4670-4f0d-b8ee-44b4950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594240b9-4670-4f0d-b8ee-44b4950d210f",
|
|
"dst_ref": "ipv4-addr--594240b9-4670-4f0d-b8ee-44b4950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594240b9-4670-4f0d-b8ee-44b4950d210f",
|
|
"value": "151.80.84.12"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594240bb-0114-4f12-9306-42ff950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594240bb-0114-4f12-9306-42ff950d210f",
|
|
"ipv4-addr--594240bb-0114-4f12-9306-42ff950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594240bb-0114-4f12-9306-42ff950d210f",
|
|
"dst_ref": "ipv4-addr--594240bb-0114-4f12-9306-42ff950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594240bb-0114-4f12-9306-42ff950d210f",
|
|
"value": "195.133.145.144"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594240bc-3770-49f0-8edc-424a950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594240bc-3770-49f0-8edc-424a950d210f",
|
|
"ipv4-addr--594240bc-3770-49f0-8edc-424a950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594240bc-3770-49f0-8edc-424a950d210f",
|
|
"dst_ref": "ipv4-addr--594240bc-3770-49f0-8edc-424a950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594240bc-3770-49f0-8edc-424a950d210f",
|
|
"value": "37.1.207.174"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594240be-7854-41ad-b8cd-4a0d950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594240be-7854-41ad-b8cd-4a0d950d210f",
|
|
"ipv4-addr--594240be-7854-41ad-b8cd-4a0d950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594240be-7854-41ad-b8cd-4a0d950d210f",
|
|
"dst_ref": "ipv4-addr--594240be-7854-41ad-b8cd-4a0d950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594240be-7854-41ad-b8cd-4a0d950d210f",
|
|
"value": "195.62.52.100"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594240bf-253c-4293-8a4b-4a6e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594240bf-253c-4293-8a4b-4a6e950d210f",
|
|
"ipv4-addr--594240bf-253c-4293-8a4b-4a6e950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594240bf-253c-4293-8a4b-4a6e950d210f",
|
|
"dst_ref": "ipv4-addr--594240bf-253c-4293-8a4b-4a6e950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594240bf-253c-4293-8a4b-4a6e950d210f",
|
|
"value": "94.140.121.174"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594240c0-6cf0-4c49-98da-4add950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594240c0-6cf0-4c49-98da-4add950d210f",
|
|
"ipv4-addr--594240c0-6cf0-4c49-98da-4add950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594240c0-6cf0-4c49-98da-4add950d210f",
|
|
"dst_ref": "ipv4-addr--594240c0-6cf0-4c49-98da-4add950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594240c0-6cf0-4c49-98da-4add950d210f",
|
|
"value": "195.133.146.136"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594240c1-fb6c-4126-a829-459b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594240c1-fb6c-4126-a829-459b950d210f",
|
|
"ipv4-addr--594240c1-fb6c-4126-a829-459b950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594240c1-fb6c-4126-a829-459b950d210f",
|
|
"dst_ref": "ipv4-addr--594240c1-fb6c-4126-a829-459b950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594240c1-fb6c-4126-a829-459b950d210f",
|
|
"value": "193.0.140.177"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594240c2-2a28-4b54-9ddd-4016950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594240c2-2a28-4b54-9ddd-4016950d210f",
|
|
"ipv4-addr--594240c2-2a28-4b54-9ddd-4016950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594240c2-2a28-4b54-9ddd-4016950d210f",
|
|
"dst_ref": "ipv4-addr--594240c2-2a28-4b54-9ddd-4016950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594240c2-2a28-4b54-9ddd-4016950d210f",
|
|
"value": "89.231.13.18"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594240c3-5a38-4e9d-ae62-472c950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594240c3-5a38-4e9d-ae62-472c950d210f",
|
|
"ipv4-addr--594240c3-5a38-4e9d-ae62-472c950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594240c3-5a38-4e9d-ae62-472c950d210f",
|
|
"dst_ref": "ipv4-addr--594240c3-5a38-4e9d-ae62-472c950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594240c3-5a38-4e9d-ae62-472c950d210f",
|
|
"value": "89.231.13.27"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594240c5-9d60-4ea5-b780-4d12950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594240c5-9d60-4ea5-b780-4d12950d210f",
|
|
"ipv4-addr--594240c5-9d60-4ea5-b780-4d12950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594240c5-9d60-4ea5-b780-4d12950d210f",
|
|
"dst_ref": "ipv4-addr--594240c5-9d60-4ea5-b780-4d12950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594240c5-9d60-4ea5-b780-4d12950d210f",
|
|
"value": "89.231.13.33"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594240c7-4c34-41eb-94bd-4229950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594240c7-4c34-41eb-94bd-4229950d210f",
|
|
"ipv4-addr--594240c7-4c34-41eb-94bd-4229950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594240c7-4c34-41eb-94bd-4229950d210f",
|
|
"dst_ref": "ipv4-addr--594240c7-4c34-41eb-94bd-4229950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594240c7-4c34-41eb-94bd-4229950d210f",
|
|
"value": "190.228.169.106"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594240c8-3eb4-4949-8ee3-42b7950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594240c8-3eb4-4949-8ee3-42b7950d210f",
|
|
"ipv4-addr--594240c8-3eb4-4949-8ee3-42b7950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594240c8-3eb4-4949-8ee3-42b7950d210f",
|
|
"dst_ref": "ipv4-addr--594240c8-3eb4-4949-8ee3-42b7950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594240c8-3eb4-4949-8ee3-42b7950d210f",
|
|
"value": "168.194.80.219"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594240c9-d840-4054-b65a-4044950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594240c9-d840-4054-b65a-4044950d210f",
|
|
"ipv4-addr--594240c9-d840-4054-b65a-4044950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594240c9-d840-4054-b65a-4044950d210f",
|
|
"dst_ref": "ipv4-addr--594240c9-d840-4054-b65a-4044950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594240c9-d840-4054-b65a-4044950d210f",
|
|
"value": "94.42.91.27"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594240ca-dc70-44b4-90f5-4235950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594240ca-dc70-44b4-90f5-4235950d210f",
|
|
"ipv4-addr--594240ca-dc70-44b4-90f5-4235950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594240ca-dc70-44b4-90f5-4235950d210f",
|
|
"dst_ref": "ipv4-addr--594240ca-dc70-44b4-90f5-4235950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594240ca-dc70-44b4-90f5-4235950d210f",
|
|
"value": "118.91.178.121"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594240cb-8f80-482e-ad3d-470f950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594240cb-8f80-482e-ad3d-470f950d210f",
|
|
"ipv4-addr--594240cb-8f80-482e-ad3d-470f950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594240cb-8f80-482e-ad3d-470f950d210f",
|
|
"dst_ref": "ipv4-addr--594240cb-8f80-482e-ad3d-470f950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594240cb-8f80-482e-ad3d-470f950d210f",
|
|
"value": "118.91.178.114"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594240cd-103c-47c8-931a-480b950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594240cd-103c-47c8-931a-480b950d210f",
|
|
"ipv4-addr--594240cd-103c-47c8-931a-480b950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594240cd-103c-47c8-931a-480b950d210f",
|
|
"dst_ref": "ipv4-addr--594240cd-103c-47c8-931a-480b950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594240cd-103c-47c8-931a-480b950d210f",
|
|
"value": "186.103.161.204"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594240ce-affc-4cbd-973e-4741950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594240ce-affc-4cbd-973e-4741950d210f",
|
|
"ipv4-addr--594240ce-affc-4cbd-973e-4741950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594240ce-affc-4cbd-973e-4741950d210f",
|
|
"dst_ref": "ipv4-addr--594240ce-affc-4cbd-973e-4741950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594240ce-affc-4cbd-973e-4741950d210f",
|
|
"value": "163.53.206.187"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594240cf-fff4-4940-83e2-47c0950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594240cf-fff4-4940-83e2-47c0950d210f",
|
|
"ipv4-addr--594240cf-fff4-4940-83e2-47c0950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594240cf-fff4-4940-83e2-47c0950d210f",
|
|
"dst_ref": "ipv4-addr--594240cf-fff4-4940-83e2-47c0950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594240cf-fff4-4940-83e2-47c0950d210f",
|
|
"value": "159.224.26.79"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594240d1-f014-473a-8ce8-4035950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594240d1-f014-473a-8ce8-4035950d210f",
|
|
"ipv4-addr--594240d1-f014-473a-8ce8-4035950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594240d1-f014-473a-8ce8-4035950d210f",
|
|
"dst_ref": "ipv4-addr--594240d1-f014-473a-8ce8-4035950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594240d1-f014-473a-8ce8-4035950d210f",
|
|
"value": "188.117.92.134"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594240d2-1798-414c-88b2-4742950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594240d2-1798-414c-88b2-4742950d210f",
|
|
"ipv4-addr--594240d2-1798-414c-88b2-4742950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594240d2-1798-414c-88b2-4742950d210f",
|
|
"dst_ref": "ipv4-addr--594240d2-1798-414c-88b2-4742950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594240d2-1798-414c-88b2-4742950d210f",
|
|
"value": "46.160.165.16"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594240d3-c6bc-4059-8c10-499e950d210f",
|
|
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
|
|
"created": "2017-06-16T11:17:18.000Z",
|
|
"modified": "2017-06-16T11:17:18.000Z",
|
|
"first_observed": "2017-06-16T11:17:18Z",
|
|
"last_observed": "2017-06-16T11:17:18Z",
|
|
"number_observed": 1,
|
|
"object_refs": [
|
|
"network-traffic--594240d3-c6bc-4059-8c10-499e950d210f",
|
|
"ipv4-addr--594240d3-c6bc-4059-8c10-499e950d210f"
|
|
],
|
|
"labels": [
|
|
"misp:type=\"ip-dst\"",
|
|
"misp:category=\"Network activity\""
|
|
]
|
|
},
|
|
{
|
|
"type": "network-traffic",
|
|
"spec_version": "2.1",
|
|
"id": "network-traffic--594240d3-c6bc-4059-8c10-499e950d210f",
|
|
"dst_ref": "ipv4-addr--594240d3-c6bc-4059-8c10-499e950d210f",
|
|
"protocols": [
|
|
"tcp"
|
|
]
|
|
},
|
|
{
|
|
"type": "ipv4-addr",
|
|
"spec_version": "2.1",
|
|
"id": "ipv4-addr--594240d3-c6bc-4059-8c10-499e950d210f",
|
|
"value": "191.7.30.30"
|
|
},
|
|
{
|
|
"type": "observed-data",
|
|
"spec_version": "2.1",
|
|
"id": "observed-data--594240d4-8398-48bc-814f-4397950d210f",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-16T11:17:18.000Z",
"modified": "2017-06-16T11:17:18.000Z",
"first_observed": "2017-06-16T11:17:18Z",
"last_observed": "2017-06-16T11:17:18Z",
"number_observed": 1,
"object_refs": [
"network-traffic--594240d4-8398-48bc-814f-4397950d210f",
"ipv4-addr--594240d4-8398-48bc-814f-4397950d210f"
],
"labels": [
"misp:type=\"ip-dst\"",
"misp:category=\"Network activity\""
]
},
{
"type": "network-traffic",
"spec_version": "2.1",
"id": "network-traffic--594240d4-8398-48bc-814f-4397950d210f",
"dst_ref": "ipv4-addr--594240d4-8398-48bc-814f-4397950d210f",
"protocols": [
"tcp"
]
},
{
"type": "ipv4-addr",
"spec_version": "2.1",
"id": "ipv4-addr--594240d4-8398-48bc-814f-4397950d210f",
"value": "168.194.83.57"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5943be8b-4ee8-4387-85a5-40dc02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-16T11:18:35.000Z",
"modified": "2017-06-16T11:18:35.000Z",
"description": "- Xchecked via VT: 4dc2e516738d5495fd927287a971489c",
"pattern": "[file:hashes.SHA256 = 'ca722faca2b8ecc50c12dea55208cb9a719eea5c7c2c0632da0b0570ebc6b1c8']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-16T11:18:35Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5943be8c-65a8-4a55-a531-42e802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-16T11:18:36.000Z",
"modified": "2017-06-16T11:18:36.000Z",
"description": "- Xchecked via VT: 4dc2e516738d5495fd927287a971489c",
"pattern": "[file:hashes.SHA1 = '289554e34250b65f41aca4f94b27eb71b77e81d0']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-16T11:18:36Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5943be8c-679c-460c-9ed8-4d2602de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-16T11:18:36.000Z",
"modified": "2017-06-16T11:18:36.000Z",
"first_observed": "2017-06-16T11:18:36Z",
"last_observed": "2017-06-16T11:18:36Z",
"number_observed": 1,
"object_refs": [
"url--5943be8c-679c-460c-9ed8-4d2602de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5943be8c-679c-460c-9ed8-4d2602de0b81",
"value": "https://www.virustotal.com/file/ca722faca2b8ecc50c12dea55208cb9a719eea5c7c2c0632da0b0570ebc6b1c8/analysis/1497505321/"
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5943be8d-0560-4544-b026-458302de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-16T11:18:37.000Z",
"modified": "2017-06-16T11:18:37.000Z",
"description": "- Xchecked via VT: 72d0b64233735fd25bff272d94b82333",
"pattern": "[file:hashes.SHA256 = '7712fcc54a22e33f49f1394bce603a397adf418695cdfe2503cf77fe5678e395']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-16T11:18:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha256\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "indicator",
"spec_version": "2.1",
"id": "indicator--5943be8d-3a44-47d7-8c4b-497802de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-16T11:18:37.000Z",
"modified": "2017-06-16T11:18:37.000Z",
"description": "- Xchecked via VT: 72d0b64233735fd25bff272d94b82333",
"pattern": "[file:hashes.SHA1 = 'e186da769f85c3c7e7352a1b8ed7520403866964']",
"pattern_type": "stix",
"pattern_version": "2.1",
"valid_from": "2017-06-16T11:18:37Z",
"kill_chain_phases": [
{
"kill_chain_name": "misp-category",
"phase_name": "Artifacts dropped"
}
],
"labels": [
"misp:type=\"sha1\"",
"misp:category=\"Artifacts dropped\"",
"misp:to_ids=\"True\""
]
},
{
"type": "observed-data",
"spec_version": "2.1",
"id": "observed-data--5943be8e-dab4-4b61-8a91-4a7b02de0b81",
"created_by_ref": "identity--55f6ea5e-2c60-40e5-964f-47a8950d210f",
"created": "2017-06-16T11:18:38.000Z",
"modified": "2017-06-16T11:18:38.000Z",
"first_observed": "2017-06-16T11:18:38Z",
"last_observed": "2017-06-16T11:18:38Z",
"number_observed": 1,
"object_refs": [
"url--5943be8e-dab4-4b61-8a91-4a7b02de0b81"
],
"labels": [
"misp:type=\"link\"",
"misp:category=\"External analysis\""
]
},
{
"type": "url",
"spec_version": "2.1",
"id": "url--5943be8e-dab4-4b61-8a91-4a7b02de0b81",
"value": "https://www.virustotal.com/file/7712fcc54a22e33f49f1394bce603a397adf418695cdfe2503cf77fe5678e395/analysis/1497521965/"
},
{
"type": "marking-definition",
"spec_version": "2.1",
"id": "marking-definition--613f2e26-407d-48c7-9eca-b8e91df99dc9",
"created": "2017-01-20T00:00:00.000Z",
"definition_type": "tlp",
"name": "TLP:WHITE",
"definition": {
"tlp": "white"
}
}
]
}